crl

Syntax

crl { ignored | optional | required }

no crl

Release Information

Command introduced before JUNOSe Release 7.1.0.

Description

Controls how the router checks certificate revocation lists (CRLs) when determining whether to accept a peer's certificates. The no version restores the default setting.

Options

• ignored—Specifies that the router will not try to find or use CRLs
• optional—Specifies that the router will try to find a CRL. If a CRL is found, the peer certificate must not appear in the CRL. If no CRL is found, the peer can still authenticate; this is the default.
• required—Specifies that the router must find a valid CRL; the CRL must be current, and the peer certificate must not appear in the CRL

IPSec CA Identity Configuration

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.