Profile Overrides - Certificate Revocation

A CRL (certificate revocation list) is a list of revoked certificates that are no longer valid. A certificate can be revoked if the CA (certificate authority) has improperly issued a certificate, or if a private key is compromised. The most common reason for revocation is that the user is no longer in sole possession of the private key.

To override an access point profile's CRL configurations:

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand Profile Overrides → Security and select Certificate Revocation.

    The certificate revocation list (CRL) configuration screen displays.

    Certificate Revocation List (CRL) Configuration Screen

    Note

    A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.

  4. In the Certificate Revocation List (CRL) Update Interval table, click + Add Row and configure the following:

    Use this option to quarantine certificates from use in the network. Additionally, a certificate can be placed on hold for a user-defined period. If, for instance, a lost private key is found and nobody had access to it, the certificate's status could be reinstated.

    Trustpoint Name

    Provide the name of the trustpoint. The name should not exceed 32 characters.

    URL

    Enter the URL of the third-party resource that ensures the trustpoint's legitimacy.

    Hours

    Use this spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.

  5. Click OK to save the CRL changes.

    Click Reset to revert to the last saved configuration.
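
The Hours value can be sanity-checked against the validity window of the CRL published at the configured URL before the row is saved. The following is an added example, not part of the product or its documentation: `review_crl_row` and the sample values are hypothetical, and the input is assumed to be the two date lines printed by `openssl crl -noout -lastupdate -nextupdate`, with the CA assumed to publish a fresh CRL no later than nextUpdate.

```python
from datetime import datetime, timedelta

# Constructed sample: date lines as printed by
# `openssl crl -in ca.crl -noout -lastupdate -nextupdate`
SAMPLE_CRL_DATES = """lastUpdate=Mar  1 00:00:00 2024 GMT
nextUpdate=Mar  2 00:00:00 2024 GMT"""


def parse_crl_dates(text):
    """Return (this_update, next_update) parsed from the openssl date lines."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if not value:
            continue
        # openssl pads single-digit days with a second space; collapse it
        fields[key.strip()] = datetime.strptime(
            " ".join(value.split()), "%b %d %H:%M:%S %Y GMT")
    return fields["lastUpdate"], fields["nextUpdate"]


def review_crl_row(trustpoint, hours, crl_dates_text):
    """Review one planned CRL Update Interval row (hypothetical helper)."""
    this_update, next_update = parse_crl_dates(crl_dates_text)
    validity = next_update - this_update
    interval = timedelta(hours=hours)
    findings = []
    # Limit stated in the Trustpoint Name field description
    if len(trustpoint) > 32:
        findings.append("trustpoint name exceeds 32 characters")
    # Fetching less often than the CRL's lifetime means the device will,
    # between fetches, hold a CRL that is already past its nextUpdate
    if interval > validity:
        findings.append("update interval is longer than the CRL validity "
                        "window; the cached CRL can pass its nextUpdate")
    # Upper bound on the time between a revocation and the device seeing it:
    # wait for the CA's next CRL, then for the device's next fetch
    worst_case = validity + interval
    return {
        "validity_hours": validity.total_seconds() / 3600,
        "worst_case_delay_hours": worst_case.total_seconds() / 3600,
        "findings": findings,
    }
```
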