If you implement Passwordless Authentication in computer logon using certificates, then you need to provide the Certificate Revocation List (CRL) service. By default, DualShield provides the CRL service as a part of the SSO service and publishes it on port 8074.

In some deployments, you might need to publish the CRL service on an alternative port number. For instance, if you have implemented the Device Certificate authentication method in your DualShield system, then you must publish the CRL service on an alternative port number.

To publish the CRL service on an alternative port number, follow the steps below.

Add a new connector 

Open the file "C:\Program Files\Deepnet DualShield\tomcat\conf\server.xml" in a text editor such as Notepad

Find the tag <Service name="SSO">

Copy the first connector, i.e. the one with port=8074

Add a new connector based on the copy

In the new connector, set clientAuth="false" and change the port to a new port number, e.g. 8092

Save the server.xml file, then restart the DualShield service
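The edit can be checked with a short PowerShell script, worth running before the restart. This is an added example, not part of DualShield or its documentation; the function name Test-CrlConnector and the inline sample XML are assumptions made for illustration, and 8092 is the example port from the steps above.

```powershell
# Added example (not DualShield tooling): check the CRL connector in server.xml.
param(
    [string]$ServerXml = 'C:\Program Files\Deepnet DualShield\tomcat\conf\server.xml',
    [int]$CrlPort = 8092   # example port from the steps above
)

# Constructed, trimmed sample (not DualShield's shipped file); used only when
# $ServerXml does not exist, so the script can be tried off the server.
$sample = @'
<Server>
  <Service name="SSO">
    <Connector port="8074" clientAuth="want" />
    <Connector port="8092" clientAuth="false" />
  </Service>
</Server>
'@

function Test-CrlConnector {
    param([xml]$Config, [int]$Port)
    $sso = $Config.SelectSingleNode("/Server/Service[@name='SSO']")
    if ($null -eq $sso) { 'No <Service name="SSO"> element found'; return }
    $found = @($sso.SelectNodes("Connector[@port='$Port']"))
    if ($found.Count -eq 0) { "No connector on port $Port in the SSO service" }
    if ($found.Count -gt 1) { "Port $Port is defined $($found.Count) times in the SSO service" }
    foreach ($c in $found) {
        $ca = $c.GetAttribute('clientAuth')
        if ($ca -ne 'false') { "Port $Port connector has clientAuth='$ca', expected 'false'" }
    }
    # Only one connector can bind a port: flag reuse under any other service.
    $all = @($Config.SelectNodes("//Connector[@port='$Port']"))
    if ($all.Count -gt $found.Count) { "Port $Port is also used outside the SSO service" }
}

if (Test-Path -LiteralPath $ServerXml) {
    $config = [xml](Get-Content -LiteralPath $ServerXml -Raw)
} else {
    $config = [xml]$sample
}
$problems = @(Test-CrlConnector -Config $config -Port $CrlPort)
if ($problems.Count -eq 0) {
    "OK: SSO connector on port $CrlPort has clientAuth=`"false`""
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
    exit 1
}
```

A malformed server.xml makes the [xml] conversion throw, which catches an unbalanced tag from the copy-and-paste before the service fails to start.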

Use the new connector 

In the Computer Logon Client policy, enter the URL of the new connector as the Certificate Revocation List

The URL should be provided in the format of "https://your-dualshield-fqdn:8092/sso"


