Keeping revocation information up to date

As a best practice, configure Content Gateway to check the status of any certificate before accepting it, to ensure that the certificate has not been revoked. There are 2 methods of doing this: through CRLs (see Certificate revocation lists) and through OCSP (see Online certification status protocol).

CRLs may include information about thousands of certificates, and may therefore take some time to download and process.
OCSP operates on a request/response basis for individual certificates, which may improve performance, but not all CAs provide OCSP responses.