Overriding a Certificate Revocation List (CRL) Configuration

About this task

A certificate revocation list (CRL) is a list of revoked certificates that are no longer valid. A certificate can be revoked if the certificate authority (CA) has improperly issued a certificate, or if a private key is compromised. The most common reason for revocation is that the user is no longer in sole possession of the private key.

To define a certificate revocation configuration or override:

Procedure

Select Configuration → Devices from the web UI.
The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
Select a target device in the lower left-hand side of the UI.
You can also select a target device by double-clicking it in the list in the Device Configuration screen.
Select Profile Overrides → Security.
Select Certificate Revocation.

Device Overrides - Certificate Revocation Screen

Note
A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.
Click + Add Row, in the Certificate Revocation List (CRL) Update Interval table to quarantine certificates from use in the network.
Additionally, a certificate can be placed on hold for a user defined period. If, for instance, a private key was found and nobody had access to it, its status could be reinstated.
1. In the Trustpoint Name field, provide the name of the trustpoint in question.
  The name cannot exceed 32 characters.
2. In the URL field, enter the third-party resource ensuring the trustpoint's legitimacy.
3. Use the spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.
Click OK to save the changes or overrides to the Certificate Revocation screen.
Click Reset to revert to the last saved configuration.