
    crl (Security)

    Syntax

    crl {
        disable {
            on-download-failure;
        }
        refresh-interval hours;
        url url-name;
    }

    Hierarchy Level

    [edit security pki ca-profile ca-profile-name revocation-check]

    Release Information

    Statement introduced in Junos OS Release 8.5.

    Description

    Configure the certificate revocation list (CRL). A CRL is a time-stamped list of revoked certificates that is signed by a CA and made available to the participating IPsec peers at regular intervals.

    Options

    • disable on-download-failure—(Optional) Override the default behavior and permit certificate verification even if the CRL fails to download.
    • refresh-interval hours—Time interval, in hours, between CRL updates.

      Range — 0 through 8784 hours.

    • url url-name—Name of the location from which to retrieve the CRL through HTTP or Lightweight Directory Access Protocol (LDAP). You can specify one URL for each configured CA profile. By default, no location is specified. Use a fully qualified domain name (FQDN) or an IP address and, optionally, a port number. If no port number is specified, port 80 is used for HTTP and port 443 is used for LDAP.
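
The options above, shown in two CA profiles side by side. This is an added example, not part of the original reference page; the profile names, ca-identity values, URLs (example.com) and the 24-hour interval are assumptions chosen for illustration.

```junos
security {
    pki {
        # Default behavior: "disable on-download-failure" is absent, so a
        # failed CRL download is not overridden and certificate verification
        # is not permitted without the CRL.
        ca-profile strict-ca {
            ca-identity strict-ca;
            revocation-check {
                crl {
                    # No port given, so port 80 is used for HTTP.
                    url http://crl.example.com/strict-ca.crl;
                    # Fetch an updated CRL every 24 hours (range 0-8784).
                    refresh-interval 24;
                }
            }
        }
        # Override: certificate verification is permitted even if the CRL
        # fails to download. While the CRL location is unreachable, a
        # revoked peer certificate is not detected by this check.
        ca-profile lenient-ca {
            ca-identity lenient-ca;
            revocation-check {
                crl {
                    disable {
                        on-download-failure;
                    }
                    url http://crl.example.com/lenient-ca.crl;
                    refresh-interval 24;
                }
            }
        }
    }
}
```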

    Required Privilege Level

    security—To view this statement in the configuration.

    security-control—To add this statement to the configuration.

    Modified: 2016-07-06