The CRL is updated automatically, but you must verify certificates manually to find out if a certificate has been revoked, or if the CA certificate used to create a local certificate is no longer present on the device.
When you verify certificates manually, the device uses the CA certificate to verify the local certificate. If the local certificate is valid, and if revocation-check is enabled in the CA profile, the device verifies that the CRL is loaded and valid. If the CRL is not loaded or is not valid, the device downloads the new CRL.
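The order of checks described above, modeled as an added Python example (not device code or vendor code). The class names, result strings, and the `chains_to_ca` input that stands in for the cryptographic check are assumptions of this model, as is failing when no usable CRL can be obtained.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional, Set, Tuple

@dataclass
class Crl:  # simplified model of a CRL: validity end plus revoked serials
    next_update: datetime
    revoked: Set[int] = field(default_factory=set)

@dataclass
class CaProfile:  # hypothetical stand-in for the device's CA profile state
    ca_cert_present: bool
    revocation_check: bool
    crl: Optional[Crl] = None

def verify_local_cert(p: CaProfile, serial: int, chains_to_ca: bool,
                      now: datetime,
                      fetch_crl: Callable[[], Optional[Crl]]) -> Tuple[str, List[str]]:
    """Return (result, steps taken) in the order the text describes."""
    steps: List[str] = []
    if not p.ca_cert_present:          # CA certificate no longer on the device
        return "fail: CA certificate missing", steps
    steps.append("verify-against-ca")
    if not chains_to_ca:               # signature/validity check result (input)
        return "fail: local certificate invalid", steps
    if not p.revocation_check:         # CRL is never consulted in this case
        return "pass: revocation not checked", steps
    if p.crl is None or now >= p.crl.next_update:
        steps.append("download-crl")   # CRL not loaded or no longer valid
        p.crl = fetch_crl()
        if p.crl is None or now >= p.crl.next_update:
            # Assumption: with no usable CRL, this model fails closed.
            return "fail: no valid CRL", steps
    steps.append("check-crl")
    if serial in p.crl.revoked:
        return "fail: certificate revoked", steps
    return "pass", steps

if __name__ == "__main__":
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)   # constructed sample data
    stale = Crl(now - timedelta(days=1))
    fresh = Crl(now + timedelta(days=7), {0x1001})
    p = CaProfile(True, True, stale)
    print(verify_local_cert(p, 0x1001, True, now, lambda: fresh))
    p = CaProfile(True, False, stale)
    print(verify_local_cert(p, 0x1001, True, now, lambda: fresh))
```

The second call shows why the revocation-check setting matters: with it disabled, a certificate whose serial is on the CRL still passes, because the CRL is never consulted.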
Before You Begin
You verify certificates from the CLI in operational mode.
This topic covers: