Enable SSO certificate revocation list checking

When single sign-on is enabled for your organization, a certificate revocation list (CRL) is maintained. A CRL is a list of digital certificates that have been revoked and should not be trusted. If CRL checking is enabled, BlackBerry AtHoc checks the CRL before initiating a SAML authentication request to an identity provider (IdP) or after receiving a SAML response from the IdP.
  1. In the navigation bar, click the Settings icon.
  2. In the System Setup section, click Security Policy.
  3. In the SSO CRL (Certificate Revocation List) Settings section, select the Enable CRL Checking option.
     If the SSO CRL (Certificate Revocation List) Settings section is not visible, single sign-on is not enabled. See Enable single sign-on for Self Service and Enable single sign-on for the BlackBerry AtHoc management system.
  4. In the CRL Timeout Interval field, enter the number of seconds to allow for certificate validation information to be retrieved from the CA. The minimum is 1 and the maximum is 60 seconds. The default is 20 seconds.
  5. Optionally, select the Ignore Verification Errors option. If this option is selected, a certificate that fails verification will continue to be used and an error is logged. If this option is not selected, any certificate that fails verification is not used.
  6. Click Save.