secure-peering crl ca
Configures CRL for an automatically discovered secure-peering CA. You can update automatically discovered CRLs using this command.
Syntax
secure-peering crl ca <string> cdp <integer> ldap-server <ip-address or hostname> crl-attr-name <name> port <port>
Parameters
ca <string> | Specifies the name of a secure peering CA certificate. |
cdp <integer> | Specifies a Certificate Distribution Point (CDP) in a secure peering CA certificate. |
ldap-server <ip-address> | Specifies the IP address of a Lightweight Directory Access Protocol (LDAP) server answering a query to Certificate Revocation List (CRL). |
ldap-server <hostname> | Specifies the hostname of an LDAP server answering a query to Certificate Revocation List (CRL). |
crl-attr-name <name> | Specifies the attribute name of CRL in an LDAP entry. |
port <port> | Specifies the LDAP service port. |
Usage
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate.
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate.
A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs.
Example
amnesiac (config) # secure-peering crl ca mycert cdp 1 ldap-server 10.0.0.1
Product
SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands