Just curious at present what happens when you set revocationEnabled to true in validatorconfiguration.
What i expect to see that you will see a failure during certificate validation stating that CRL information not present in the certs. Do you see that or does it appear like the revocationEnabled flag has been ignored. If your answer is that it is being ignored, then make sure you have Metro 1.4 installed on GlassFish and then you should see certificate validation failures.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=320929