diff --git a/src/authm_mad/remotes/x509/x509_auth.conf b/src/authm_mad/remotes/x509/x509_auth.conf index b841529176..570843835a 100644 --- a/src/authm_mad/remotes/x509/x509_auth.conf +++ b/src/authm_mad/remotes/x509/x509_auth.conf @@ -2,3 +2,6 @@ # the server, each CA certificate shoud be name CA_hash.0 #:ca_dir: "/etc/one/auth/certificates" + +# Uncoment this line if you want to force crl checking +#:check_crl: true diff --git a/src/authm_mad/remotes/x509/x509_auth.rb b/src/authm_mad/remotes/x509/x509_auth.rb index 4cdb0c7890..24ff82d63f 100644 --- a/src/authm_mad/remotes/x509/x509_auth.rb +++ b/src/authm_mad/remotes/x509/x509_auth.rb @@ -199,7 +199,6 @@ private ########################################################################### def validate now = Time.now - failed = "Could not validate user credentials: " # Check start time and end time of certificates @cert_chain.each do |cert| @@ -213,6 +212,8 @@ private # Validate the proxy certifcates signee = @cert_chain[0] + check_crl(signee) + @cert_chain[1..-1].each do |cert| if !((signee.issuer.to_s == cert.subject.to_s) && (signee.verify(cert.public_key))) 
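Review bot: The new comment describes `:check_crl` as forcing CRL checking, but the check_crl method added in x509_auth.rb consults `<ca_hash>.r0` whenever that file exists regardless of this flag; the flag only decides whether a missing CRL file is a fatal error instead of being silently skipped. Wording that states this avoids operators believing revocation is off when the option is commented out, e.g. `# Uncomment to make a missing CRL file a validation error (the CRL is always checked when <ca_hash>.r0 exists)`. The typos `Uncoment` on the added line and `shoud` on the context line above could be fixed at the same time.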
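Review bot: Removing `failed = "Could not validate user credentials: "` from validate looks unsafe if the raise calls later in the method (outside this hunk) still build their messages as `raise failed + "..."`; nothing in the diff rewrites those lines, and the copy of `failed` that check_crl defines is a local of that method, not visible here, so every validation failure would surface as a NameError instead of the intended message. Either keep the assignment in validate or hoist the prefix to a shared constant such as `FAILED = "Could not validate user credentials: "` used by both methods. validate starts in this hunk and its body continues past it, so this needs confirming against the unshown lines.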
@@ -247,4 +248,41 @@ private raise end end + + def check_crl(signee) + failed = "Could not validate user credentials: " + + ca_hash = signee.issuer.hash.to_s(16) + ca_path = @options[:ca_dir] + '/' + ca_hash + '.0' + + crl_path = @options[:ca_dir] + '/' + ca_hash + '.r0' + + if !File.exist?(crl_path) + if @options[:check_crl] + raise failed + "CRL file #{crl_path} does not exist" + else + return + end + end + + ca_cert = OpenSSL::X509::Certificate.new( File.read(ca_path) ) + crl_cert = OpenSSL::X509::CRL.new( File.read(crl_path) ) + + # First verify the CRL itself with its signer + unless crl_cert.verify( ca_cert.public_key ) then + raise failed + "CRL is not verified by its Signer" + end + + # Extract the list of revoked certificates from the CRL + rc_array = crl_cert.revoked + + # Loop over the list and compare with the target personal + # certificate + rc_array.each do |e| + if e.serial.eql?(signee.serial) then + raise failed + "#{signee.subject.to_s} is found in the "<< + "CRL, i.e. it is revoked" + end + end + end end diff --git a/src/sunstone/OpenNebulaVNC.rb b/src/sunstone/OpenNebulaVNC.rb index 9ac0cd4b92..15ea9e292c 100644 --- a/src/sunstone/OpenNebulaVNC.rb +++ b/src/sunstone/OpenNebulaVNC.rb @@ -63,7 +63,7 @@ class OpenNebulaVNC end if @proxy_path == nil || @proxy_path.empty? - @logger.error "VNC proxy not configured" + @logger.error "VNC proxy not configured. Try #{SHARE_LOCATION}/install_novnc.sh" return false end diff --git a/src/sunstone/bin/novnc-server b/src/sunstone/bin/novnc-server index e203ff4bf6..20d2772a50 100755 --- a/src/sunstone/bin/novnc-server +++ b/src/sunstone/bin/novnc-server 
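Review bot: `ca_hash = signee.issuer.hash.to_s(16)` is not zero-padded, while OpenSSL hash-named files (`<hash>.0`, `<hash>.r0`) use eight hex digits, so for any issuer whose name hash begins with a zero nibble the CRL path never exists and, with `:check_crl` unset, the revocation check is silently skipped while `File.read(ca_path)` fails with Errno::ENOENT instead of the `failed` message. The CRL's own validity window is also not checked: a CRL past its `next_update` still passes `verify`, so revocations published since then are missed, and a `next_update < Time.now` test should fail closed. Only the leaf is checked against its issuer's CRL (the call added in the @213 hunk runs before the chain loop), so intermediates in `@cert_chain[1..-1]`, if the chain can contain any, are never checked for revocation. The rewrite below also uses `File.join` and drops the `then` keywords; the revoked-serial loop is unchanged.

```ruby
    def check_crl(signee)
        failed = "Could not validate user credentials: "

        # Hash-named CA/CRL files are zero-padded to 8 hex digits (c_rehash style)
        ca_hash  = "%08x" % signee.issuer.hash
        ca_path  = File.join(@options[:ca_dir], "#{ca_hash}.0")
        crl_path = File.join(@options[:ca_dir], "#{ca_hash}.r0")

        unless File.exist?(crl_path)
            raise failed + "CRL file #{crl_path} does not exist" if @options[:check_crl]
            return
        end

        ca_cert  = OpenSSL::X509::Certificate.new(File.read(ca_path))
        crl_cert = OpenSSL::X509::CRL.new(File.read(crl_path))

        # First verify the CRL itself with its signer
        unless crl_cert.verify(ca_cert.public_key)
            raise failed + "CRL is not verified by its Signer"
        end

        # A CRL past its nextUpdate may lack newer revocations: fail closed
        if crl_cert.next_update && crl_cert.next_update < Time.now
            raise failed + "CRL #{crl_path} is expired (nextUpdate #{crl_cert.next_update})"
        end

        # … unchanged: loop over crl_cert.revoked comparing serials with signee …
    end
```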
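Review bot: The new log message interpolates `SHARE_LOCATION`, which this commit defines only in bin/novnc-server; if OpenNebulaVNC.rb is also required by a process that does not define that constant (sunstone-server.rb receives no such definition in this diff), the error path raises NameError at the logging line instead of logging and returning false. Either define SHARE_LOCATION in every entry point that loads this file, or make the hint tolerant, e.g. `hint = defined?(SHARE_LOCATION) ? "#{SHARE_LOCATION}/install_novnc.sh" : "install_novnc.sh"` and log `"VNC proxy not configured. Try #{hint}"`. The enclosing method starts and ends outside this hunk.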
@@ -23,12 +23,14 @@ if !ONE_LOCATION LOG_LOCATION = "/var/log/one" LOCK_LOCATION = "/var/lock/one" VAR_LOCATION = "/var/lib/one" + SHARE_LOCATION = "/usr/share/one" ETC_LOCATION = "/etc/one" RUBY_LIB_LOCATION = "/usr/lib/one/ruby" else VAR_LOCATION = ONE_LOCATION + "/var" LOCK_LOCATION = ONE_LOCATION + "/var" LOG_LOCATION = ONE_LOCATION + "/var" + SHARE_LOCATION = ONE_LOCATION + "/share" ETC_LOCATION = ONE_LOCATION + "/etc" RUBY_LIB_LOCATION = ONE_LOCATION+"/lib/ruby" end diff --git a/src/sunstone/etc/sunstone-server.conf b/src/sunstone/etc/sunstone-server.conf index 0104ff5e17..de5da49729 100644 --- a/src/sunstone/etc/sunstone-server.conf +++ b/src/sunstone/etc/sunstone-server.conf @@ -34,6 +34,9 @@ # Place where to store sessions, this value can be memory or memcache # Use memcache when starting multiple server processes, for example, # with passenger +# +# NOTE. memcache needs a separate memcached server to be configured. Refer +# to memcached documentation to configure the server. :sessions: memory # Memcache configuration diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb index 35eac27f14..ac64ad5f49 100755 --- a/src/sunstone/sunstone-server.rb +++ b/src/sunstone/sunstone-server.rb @@ -81,7 +81,7 @@ set :bind, settings.config[:host] set :port, settings.config[:port] case settings.config[:sessions] -when 'memory' +when 'memory', nil use Rack::Session::Pool, :key => 'sunstone' when 'memcache' memcache_server=settings.config[:memcache_host]+':'<< @@ -92,7 +92,6 @@ when 'memcache' use Rack::Session::Memcache, :memcache_server => memcache_server, :namespace => settings.config[:memcache_namespace] - else STDERR.puts "Wrong value for :sessions in configuration file" exit(-1) diff --git a/src/vmm_mad/remotes/xen/attach_nic b/src/vmm_mad/remotes/xen/attach_nic index 58c7d809b6..40592ebc51 100755 --- a/src/vmm_mad/remotes/xen/attach_nic +++ b/src/vmm_mad/remotes/xen/attach_nic 
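Review bot: `when 'memory', nil` makes an absent `:sessions` key behave as `memory`, but that default is not documented anywhere; the sunstone-server.conf comment touched in this same commit still reads as if the key were mandatory. A line above the `case`, `# :sessions defaults to 'memory' when the key is absent`, and the same sentence in the conf comment would make the behaviour discoverable. The `else` branch's `Wrong value for :sessions` message now covers only non-nil unexpected values, which is consistent with the change.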
@@ -16,7 +16,7 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -source $(dirname $0)/kvmrc +source $(dirname $0)/xenrc source $(dirname $0)/../../scripts_common.sh DOMAIN=$1 diff --git a/src/vmm_mad/remotes/xen/detach_nic b/src/vmm_mad/remotes/xen/detach_nic index 5ae5221596..e8a68f4682 100755 --- a/src/vmm_mad/remotes/xen/detach_nic +++ b/src/vmm_mad/remotes/xen/detach_nic @@ -16,7 +16,7 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -source $(dirname $0)/kvmrc +source $(dirname $0)/xenrc source $(dirname $0)/../../scripts_common.sh DOMAIN=$1
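Review bot: The corrected `source $(dirname $0)/xenrc` line leaves the path unquoted, so a remotes directory containing whitespace or glob characters is split into several words and the wrong file (or nothing) is sourced, silently dropping the xenrc settings. `source "$(dirname "$0")/xenrc"` keeps the fix and closes that gap; the untouched scripts_common.sh line on the next row has the same shape. The identical hunk in detach_nic below has the same issue.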