 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
See the following sections:
- crl file-name;
- [edit security certificates]
Statement introduced before JUNOS Release 7.4.
Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPSec peers on a regular periodic basis.
file-name—Specifies the file from which to read the CRL.
See Configuring the Certificate Authority Properties.
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration
- crl {
- disable on-download-failure;
-
refresh-interval number-of-hours;
-
- url {
-
url-name;
- password;
- }
- }
- [edit security pki ca-profile ca-profile-name revocation-check]
Statement introduced in JUNOS Release 8.1.
Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPSec peers on a regular periodic basis.
disable on-download-failure—Permits the authentication of the IPSec peer when the CRL is not downloaded.
refresh-interval hours—Time interval, in hours, between CRL updates.
url url-name—Location from which to retrieve the CRL through the Lightweight Directory Access Protocol (LDAP). You can configure as many as three URLs for each configured CA profile.
See Configuring the Certificate Revocation List.
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |