crl
Syntax
crl {
    disable disable;
    if-not-present (allow | drop);
    ignore-hold-instruction-code ignore-hold-instruction-code;
}
Hierarchy Level
[edit services ssl initiation profile profile-name actions]
[edit services ssl proxy profile profile-name actions]
Description
Specify certificate revocation actions.
CRL validation on SRX Series Firewalls involves checking whether certificates presented by servers have been revoked. You can enable or disable CRL validation to meet your specific security requirements, and you can allow or drop sessions when CRL information is not available.
To enhance security, certificate revocation checking is enabled by default on SRX Series Firewalls for any SSL proxy profile.
Options
disable | Disable CRL validation. |
if-not-present | Specify an action if CRL information is not present. |
ignore-hold-instruction-code | Allow the sessions when a certificate is revoked and the revocation reason is on hold. |
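An added example, not part of the vendor documentation: a Python audit that scans set-format configuration for the crl options above and reports profiles where revocation checking is weakened. It assumes top-level "set services ssl ..." lines that mirror the hierarchy levels shown; the profile names and the sample configuration are constructed.

```python
import re

# "set"-style lines under the two hierarchy levels where the crl statement lives.
# Assumption: top-level lines, unquoted profile names.
CRL_LINE = re.compile(
    r"^set services ssl (proxy|initiation) profile (\S+) actions crl (\S+)(?: (\S+))?$"
)

def audit_crl(config_text):
    """Return {(kind, profile): [findings]} for profiles that weaken CRL checking."""
    findings = {}
    for line in config_text.splitlines():
        m = CRL_LINE.match(line.strip())
        if not m:
            continue  # not a crl statement
        kind, profile, option, value = m.groups()
        if option == "disable":
            note = "CRL validation disabled"
        elif option == "if-not-present" and value == "allow":
            note = "sessions allowed when CRL information is not present"
        elif option == "ignore-hold-instruction-code":
            note = "sessions allowed when revocation reason is on hold"
        else:
            continue  # e.g. if-not-present drop: nothing to report
        findings.setdefault((kind, profile), []).append(note)
    return findings

# Constructed sample configuration (profile names are made up).
SAMPLE = """\
set services ssl proxy profile inspect-out actions crl if-not-present allow
set services ssl proxy profile inspect-out actions crl ignore-hold-instruction-code
set services ssl proxy profile inspect-dmz actions crl if-not-present drop
set services ssl initiation profile to-backend actions crl disable
set services ssl proxy profile inspect-dmz actions ignore-server-auth-failure
"""

if __name__ == "__main__":
    for (kind, profile), notes in sorted(audit_crl(SAMPLE).items()):
        for note in notes:
            print(f"{kind} profile {profile}: {note}")
```

Profiles with no crl statement at all are not listed, since revocation checking is enabled by default on SSL proxy profiles.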
Required Privilege Level
system
Release Information
Statement introduced in Junos OS Release 15.1X49-D30. This statement is supported on SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall instances.