crl (Adaptive Services Interface)
Syntax
crl {
disable on-download-failure;
refresh-interval number-of-hours;
url {
url-name;
password;
}
}
Hierarchy Level
[edit security pki ca-profile ca-profile-name revocation-check]
Description
Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPsec peers on a regular periodic basis.
Options
disable on-download-failure—Permit the authentication
of the IPsec peer when the CRL is not downloaded.
password—Password to access the URLs.
refresh-interval number-of-hours—Time interval,
in hours, between CRL updates.
Range: 0 through 8784
Default: 24
url url-name—Location from which to retrieve the
CRL through the Lightweight Directory Access Protocol (LDAP). You can configure as many as
three URLs for each configured CA profile.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration
Release Information
Statement introduced in Junos OS Release 8.1.