With the following command, you direct the device to check the validity of the CA profile called my_profile and, if a CRL did not accompany a CA certificate and is not loaded on the device, to retrieve the CRL from the URL http://abc.
- user@host# set security pki ca-profile my_profile
revocation-check crl url http://abc