DEA maintains certificate revocation lists of CSOS certificates it has issued and revoked for one reason or another. Revoked certificates are not valid for CSOS order signing. Activator fails a CSOS order signed with a revoked user certificate.
Whether you are sending or receiving signed orders, you need to have CRL checking in place. With CSOS functionality enabled in your user license, CRL checking is active by default. Activator reads a URL in the CSOS user certificate and downloads a CRL to use in checking for invalid certificates. CRL files are stored in <install directory>\common\conf\crls.
To verify CRL checking is active, click System management on the top toolbar in the user interface. Click the task Manage CRLs and then Manage CRL usage and retrieval. Make sure the following options are selected: Require CRLs and Automatically retrieve CRLs.
For more details about CRLs, see Manage certificate revocation lists (CRLs) .