Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


crl (Adaptive Services Interface)


Hierarchy Level


Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPsec peers on a regular periodic basis.


disable on-download-failure—Permit the authentication of the IPsec peer when the CRL is not downloaded.

password—Password to access the URLs.

refresh-interval number-of-hours—Time interval, in hours, between CRL updates.

  • Range: 0 through 8784

  • Default: 24

url url-name—Location from which to retrieve the CRL through the Lightweight Directory Access Protocol (LDAP). You can configure as many as three URLs for each configured CA profile.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration

Release Information

Statement introduced in Junos OS Release 8.1.