You can specify the URL for the Lightweight Directory Access Protocol (LDAP) server where your CA stores its current CRL. If the CA includes the Certificate Distribution Point (CDP) in the digital certificate, you do not need to specify a URL for the LDAP server. The CDP is a field within the certificate that contains information about how to retrieve the CRL for the certificate. The router uses this information to download the CRL automatically.
Configure an LDAP URL if you want to use a different CDP from the one specified in the certificate. Any LDAP URL you configure takes precedence over the CDP included in the certificate.
You can configure up to three URLs for each CA profile.
If the LDAP server requires a password to access the CRL, you need to include the password statement.
To configure the routing platform to retrieve the CRL from the LDAP server, include the url statement and specify the URL name at the [edit security pki ca-profile ca-profile-name revocation-check crl] hierarchy level:
[edit security pki ca-profile ca-profile-name revocation-check crl]
url {
    url-name;
}
url-name is the certificate authority LDAP server name. The format is ldap://server-name, where server-name is the CA host DNS name or IP address.
To specify to use a password to access the CRL, include the password statement at the [edit security pki ca-profile ca-profile-name revocation-check crl url] hierarchy level:
[edit security pki ca-profile ca-profile-name revocation-check crl url]
password password;
password is the secret password that the LDAP server requires for access.
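The following configuration puts the statements above together for one CA profile. It is an added illustration, not part of the original documentation: the profile name example-ca, the host names crl1.example.net and crl2.example.net, and the password placeholder are all assumed values, and the operational commands at the end are the ones this editor would use to confirm the download on a Junos device (also an assumption, not taken from the page).

```junos
## Hypothetical CA profile that fetches its CRL from LDAP rather than
## from the CDP carried in the certificate. Any url configured here
## overrides the CDP; up to three urls may be listed per profile.
[edit security pki]
ca-profile example-ca {
    ca-identity example-ca;
    revocation-check {
        crl {
            ## Format: ldap://server-name (DNS name or IP address of the CA host)
            url {
                ldap://crl1.example.net;
                ldap://192.0.2.10;
                ## Only needed when the LDAP server requires authentication
                ## to read the CRL; replace the placeholder before committing.
                password "<crl-ldap-password>";
            }
        }
    }
}

## Equivalent set commands (assumed form):
set security pki ca-profile example-ca ca-identity example-ca
set security pki ca-profile example-ca revocation-check crl url ldap://crl1.example.net
set security pki ca-profile example-ca revocation-check crl url ldap://192.0.2.10
set security pki ca-profile example-ca revocation-check crl url password "<crl-ldap-password>"
commit

## Verify that the router actually retrieved a current CRL (assumed check):
## an empty result or an expired next-update time means revocation
## checking is not working and certificate validation will fail or be
## skipped depending on the rest of the revocation-check configuration.
show security pki crl ca-profile example-ca
```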