SSLCRLCHECK System Option

Specifies whether a Certificate Revocation List (CRL) is checked when a digital certificate is validated.
Client: optional
Server: optional
Valid in: Configuration file, OPTIONS statement, SAS System Options window, SAS invocation, SAS/CONNECT spawner command line
Category: Communications: Networking and Encryption
PROC OPTIONS GROUP= Communications
Operating environment: UNIX, Windows, z/OS
Tip: When additional encryption options are specified on the spawner command line, the options must be included in the -SASCMD value. The spawner does not automatically pass the encryption values. For detailed information about -SASCMD, see Starting the UNIX Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE, Starting the Windows Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE, and Options to Start the z/OS Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE.

Syntax

SSLCRLCHECK | NOSSLCRLCHECK

Syntax Description

SSLCRLCHECK
specifies that CRLs are checked when digital certificates are validated.
NOSSLCRLCHECK
specifies that CRLs are not checked when digital certificates are validated.

Details

A Certificate Revocation List (CRL) is published by a Certification Authority (CA) and contains a list of revoked digital certificates. The list contains only the revoked digital certificates that were issued by a specific CA.
The SSLCRLCHECK option is required at the server only if the SSLCLIENTAUTH option is also specified at the server. Because clients check server digital certificates, this option is relevant for the client.