Setting the Certificate Revocation List (CRL) Configuration
A CRL (certificate revocation list) is a
list of revoked certificates that are no longer valid. A certificate can be revoked
if the CA (certificate
authority) has improperly issued a certificate, or if a private key is
compromised. The most common reason for revocation is that the user is no longer in
sole possession of the private key.
To define a certificate revocation configuration or override:
Select Configuration → Devices → System Profile from the web UI.
Expand the Security menu and select
Certificate Revocation.
Click + Add Row, in the
Certificate
Revocation List (CRL) Update Interval table to quarantine
certificates from use in the network.
Additionally, a certificate can be placed on hold for a
user defined period. If, for instance, a private key was found and nobody had
access to it, its status could be reinstated.
In the Trustpoint
Name field, provide the name of the trustpoint in
question.
The name cannot exceed
32 characters.
In the URL field,
enter the third-party resource ensuring the trustpoint's
legitimacy.
Use the spinner control
to specify an interval (in hours) after which a device copies a CRL file
from an external server and associates it with a trustpoint.
Click OK to save the
changes or overrides to the Certificate
Revocation screen.
Click Reset to revert
to the last saved configuration.