Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    crl

    Syntax

    crl { ignored | optional | required }

    no crl

    Release Information

    Command introduced before JunosE Release 7.1.0.

    Description

    Controls how the router checks certificate revocation lists (CRLs) when determining whether to accept a peer's certificates. The no version restores the default setting.

    Options

    • ignored—Specifies that the router will not try to find or use CRLs
    • optional—Specifies that the router will try to find a CRL. If a CRL is found, the peer certificate must not appear in the CRL. If no CRL is found, the peer can still authenticate; this is the default.
    • required—Specifies that the router must find a valid CRL; the CRL must be current, and the peer certificate must not appear in the CRL

    Mode

    IPsec CA Identity Configuration

    Published: 2014-08-14