[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

crl

Syntax

crl {
disable {
on-download-failure;
}
refresh-interval hours ;
url url-name ;
}

Hierarchy Level

[edit security pki ca-profile ca-profile-name revocation-check]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPsec peers on a regular periodic basis.

This statement is supported on J-series and SRX-series devices.

Options

disable on-download-failure—(Optional) Override the default behavior and permit certificate verification even if the CRL fails to download.

refresh-interval hours —Time interval, in hours, between CRL updates.

url url-name —Name of the location from which to retrieve the CRL through HTTP or Lightweight Directory Access Protocol (LADP). You can specify one URL for each configured CA profile. By default, no location is specified. Use a fully qualified domain name (FQDN) or an IP address and, optionally, a port number. If no port number is specified, port 80 is used for HTTP and port 443 is used for LDAP.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]