A certificate revocation list (CRL) is a list of certificates that have been revoked or are no longer valid. A certificate can be revoked if the certificate authority (CA) had improperly issued a certificate, or if a private-key is compromised. The most common reason for revocation is the user no longer being in sole possession of the private key.
To define a CRL configuration that can be applied to a profile:
Select the Configuration → Profiles → Manage Profiles tab from the Web UI.
Expand Security and select Certificate Revocation.
Select the + Add Row button to add a column within the Certificate Revocation List (CRL) Update Interval table to quarantine certificates from use in the network.
Additionally, a certificate can be placed on hold for a defined period. If, for instance, a private key was found and nobody had access to it, its status could be reinstated.
Provide the name of the trustpoint in question within the Trustpoint Name field. The name cannot exceed 32 characters.
Enter the resource ensuring the trustpoint's legitimacy within the URL field.
Use the spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.
Select OK to save the changes made within the Certificate Revocation screen. Select Reset to revert to the last saved configuration.