crl

Syntax

Hierarchy Level

Description

Specify certificate revocation actions.

CRL validation on SRX Series Firewalls involves checking whether certificates from servers have been revoked. You can enable or disable CRL validation to meet your specific security requirements. You can also allow or drop sessions when CRL information is not available.

To enhance security, certificate revocation checking is enabled by default on SRX Series Firewalls for any SSL proxy profile.

Options

disable

Disable CRL validation.

if-not-present

Specify an action if CRL information is not present.

  • Values:

    • allow—Allow session if CRL information is not present.

    • drop—Drop session if CRL information is not present.

ignore-hold-instruction-code

Allow the sessions when a certificate is revoked and the revocation reason is on hold.
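
The following is an added example, not Juniper's code: a small Python audit that scans set-style configuration text and reports SSL proxy profiles whose crl options relax revocation checking. The `set services ssl proxy profile <name> actions crl` path is an assumption (this page does not show the hierarchy), and the sample configuration, profile names, and CA name are constructed.

```python
import re

# Assumed set-style path for this statement (not shown on the page):
#   set services ssl proxy profile <name> actions crl <option> [value]
PROFILE_LINE = re.compile(r"^set\s+services\s+ssl\s+proxy\s+profile\s+(\S+)")
CRL_LINE = re.compile(
    r"^set\s+services\s+ssl\s+proxy\s+profile\s+\S+\s+actions\s+crl"
    r"\s+(\S+)(?:\s+(\S+))?\s*$"
)

def audit_crl(config_text):
    """Return {profile: [findings]} for every SSL proxy profile in the text.

    An empty list means no relaxation was found; CRL checking is on by
    default, so a profile with no crl lines keeps revocation checking.
    """
    findings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        prof = PROFILE_LINE.match(line)
        if not prof:
            continue
        notes = findings.setdefault(prof.group(1), [])
        crl = CRL_LINE.match(line)
        if not crl:
            continue
        option, value = crl.groups()
        if option == "disable":
            notes.append("CRL validation disabled")
        elif option == "if-not-present" and value == "allow":
            notes.append("session allowed when CRL information is not present")
        elif option == "ignore-hold-instruction-code":
            notes.append("session allowed when revocation reason is on hold")
    return findings

# Constructed sample configuration; profile and CA names are made up.
SAMPLE = """\
set services ssl proxy profile strict-profile actions crl if-not-present drop
set services ssl proxy profile lab-profile actions crl disable
set services ssl proxy profile edge-profile actions crl if-not-present allow
set services ssl proxy profile edge-profile actions crl ignore-hold-instruction-code
set services ssl proxy profile default-profile root-ca example-ca
"""

if __name__ == "__main__":
    for profile, notes in audit_crl(SAMPLE).items():
        print(profile, "->", notes or ["no CRL relaxations configured"])
```
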

Required Privilege Level

system

Release Information

Statement introduced in Junos OS Release 15.1X49-D30. This statement is supported on SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall instances.