Setting the Certificate Revocation List (CRL) Configuration

A CRL (certificate revocation list) is a list of revoked certificates that are no longer valid. A certificate can be revoked if the CA (certificate authority) has improperly issued a certificate, or if a private key is compromised. The most common reason for revocation is that the user is no longer in sole possession of the private key.

To define a certificate revocation configuration or override:

  1. Select Configuration → Devices → System Profile from the web UI.
  2. Expand the Security menu and select Certificate Revocation.
    Click to expand in new window
    Profile Security - Certificate Revocation List (CRL) Update Interval Screen
  3. Click + Add Row, in the Certificate Revocation List (CRL) Update Interval table to quarantine certificates from use in the network.
    Additionally, a certificate can be placed on hold for a user defined period. If, for instance, a private key was found and nobody had access to it, its status could be reinstated.
    1. In the Trustpoint Name field, provide the name of the trustpoint in question.
      The name cannot exceed 32 characters.
    2. In the URL field, enter the third-party resource ensuring the trustpoint's legitimacy.
    3. Use the spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.
  4. Click OK to save the changes or overrides to the Certificate Revocation screen.
    Click Reset to revert to the last saved configuration.