Certificate Revocation Lists (CRLs) have long been used in the context of PKI (Public Key Infrastructure) to publish the serial numbers of certificates an issuer has revoked. The Vordel Gateway makes it simple to validate a certificate against a CRL. Here are the steps for the case where the CRL is pulled down from a URL:
1) Place the certificate you want to validate into a "certificate" attribute. If you've validated a signature then you'll have this step done for you already, since the signature verification filter automatically populates a "certificate" attribute with the certificate used in the signature. Alternatively, you can use a "Find Certificate" filter to find the certificate from the local Gateway certificate store, or from an LDAP directory, etc.
2) Now, use a "CRL (Dynamic)" filter to pull down the CRL from a URL automatically. Note that any certificate used to sign the CRL must be present in the Gateway's Certificate store, since the Gateway will validate the certificate of the CRL's signature. The filter will return TRUE (green path) if the certificate is not on the CRL, and return FALSE (red path) if the certificate is on the CRL (i.e. it's revoked).
And that's all you have to do. All the hard work of validating the certificate against the CRL is done for you using the "CRL (Dynamic)" filter. It's another example of where using an Application Gateway is much easier than trying to do the same thing yourself with code.
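To show what the "CRL (Dynamic)" filter is doing on your behalf, here is an added example in Go of the same check written by hand. It is not Vordel code; it builds its own throwaway CA, a leaf certificate and a CRL in memory (standing in for the Gateway certificate store and the CRL fetched from the URL), then applies the rules the post describes: the CRL's signature must verify against a certificate in the store, the CRL must come from the certificate's issuer and still be within its validity window, and only then is the serial number looked up. The function names (ValidateAgainstCRL, NewTestCA, IssueLeaf, BuildCRL) are my own.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// ValidateAgainstCRL mirrors the filter's two paths: true means the certificate is
// not on the CRL (green path), false means it is revoked (red path). A non-nil error
// means the CRL itself could not be trusted or used, which is neither path.
func ValidateAgainstCRL(cert *x509.Certificate, crlDER []byte, store []*x509.Certificate, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, fmt.Errorf("parse CRL: %w", err)
	}
	// The CRL is only usable if its signature verifies against a certificate in the store.
	var signer *x509.Certificate
	for _, c := range store {
		if crl.CheckSignatureFrom(c) == nil {
			signer = c
			break
		}
	}
	if signer == nil {
		return false, errors.New("CRL signer not present in certificate store")
	}
	// A CRL from a different issuer says nothing about this certificate.
	if !bytes.Equal(crl.RawIssuer, cert.RawIssuer) {
		return false, errors.New("CRL issuer does not match certificate issuer")
	}
	// A stale (or not yet valid) CRL must not be relied upon.
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return false, errors.New("CRL outside its thisUpdate/nextUpdate window")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return false, nil // red path: serial is listed
		}
	}
	return true, nil // green path: serial is not listed
}

// NewTestCA creates a constructed self-signed CA that may sign certificates and CRLs.
func NewTestCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Issuing CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// IssueLeaf issues a constructed end-entity certificate with the given serial number.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: fmt.Sprintf("client-%d", serial)},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// BuildCRL signs a CRL listing the given serials, valid for seven days from now.
func BuildCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked []int64, now time.Time) []byte {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          now,
		NextUpdate:          now.Add(7 * 24 * time.Hour),
		RevokedCertificates: entries,
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	check(err)
	return der
}

func main() {
	ca, caKey := NewTestCA()
	now := time.Now()
	store := []*x509.Certificate{ca}                  // stands in for the Gateway certificate store
	crlDER := BuildCRL(ca, caKey, []int64{42}, now) // stands in for the CRL pulled from the URL
	for _, c := range []*x509.Certificate{IssueLeaf(ca, caKey, 42), IssueLeaf(ca, caKey, 43)} {
		ok, err := ValidateAgainstCRL(c, crlDER, store, now)
		fmt.Printf("serial %s: notRevoked=%v err=%v\n", c.SerialNumber, ok, err)
	}
}
```

Note that a CRL signed by a CA that is not in the store, or one whose nextUpdate has passed, yields an error rather than a green result: the safe design is to treat "cannot evaluate revocation" as a distinct outcome from "not revoked", which is also why the Gateway insists on having the CRL signer's certificate in its store.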