Setting the Certificate Revocation List (CRL) Configuration
A certificate revocation list (CRL) is a list of revoked certificates that are no longer valid. A certificate can be revoked if the certificate authority (CA) has improperly issued a certificate, or if a private key is compromised. The most common reason for revocation is that the user is no longer in sole possession of the private key.
To define a certificate revocation configuration or override:
- Select from the web UI.
- Expand the Security menu and select Certificate Revocation.
- Click + Add Row to add a column in the Certificate Revocation List (CRL) Update Interval table to quarantine certificates from use in the network.
  Additionally, a certificate can be placed on hold for a user-defined period. If, for instance, a private key was found and nobody had access to it, its status could be reinstated.
- In the Trustpoint Name field, provide the name of the trustpoint in question. The name cannot exceed 32 characters.
- In the URL field, enter the third-party resource ensuring the trustpoint's legitimacy.
- Use the spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.
- Click OK to save the changes or overrides to the Certificate Revocation screen. Click Reset to revert to the last saved configuration.
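
A pre-check for the values entered in the steps above, written as an added example (not code from this product or its documentation): it validates the trustpoint name and URL and compares the update interval with the CRL's own lifetime. The function names are hypothetical, the date lines are constructed in the format printed by `openssl crl -noout -lastupdate -nextupdate`, and how the device treats a CRL that is past its nextUpdate is not stated on this page.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

MAX_TRUSTPOINT_NAME = 32  # limit stated in the procedure above


def parse_openssl_time(line):
    """Parse e.g. 'nextUpdate=May  8 00:00:00 2024 GMT'; returns None for 'NONE'."""
    value = line.split("=", 1)[1].strip()
    if value == "NONE":  # nextUpdate is optional in a CRL
        return None
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def review_crl_row(name, url, interval_hours, last_update, next_update):
    """Return findings for one planned table row; an empty list means none."""
    findings = []
    if not 1 <= len(name) <= MAX_TRUSTPOINT_NAME:
        findings.append("trustpoint name must be 1-32 characters")
    parts = urlparse(url)
    if not parts.scheme or not parts.netloc:
        findings.append("URL needs a scheme and a host")
    issued = parse_openssl_time(last_update)
    expires = parse_openssl_time(next_update)
    if expires is None:
        findings.append("CRL has no nextUpdate; interval cannot be compared")
        return findings
    # A copy fetched at or after lastUpdate expires at nextUpdate, so an
    # interval longer than the CRL's lifetime always leaves a stale window.
    stale = timedelta(hours=interval_hours) - (expires - issued)
    if stale > timedelta(0):
        hours = int(stale.total_seconds() // 3600)
        findings.append(f"cached CRL is past nextUpdate for at least {hours}h per cycle")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real CA.
    for finding in review_crl_row("corp-ca", "crl.example.test/corp-ca.crl", 200,
                                  "lastUpdate=May  1 00:00:00 2024 GMT",
                                  "nextUpdate=May  8 00:00:00 2024 GMT"):
        print(finding)
```

An interval shorter than the CRL's lifetime also bounds how long a newly revoked certificate can still be accepted: at most one interval after the CA publishes the revocation.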