Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

crl (Security)

Syntax

Hierarchy Level

Description

Configure the certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates, which is signed by a CA and made available to the participating IPsec peers on a regular periodic basis.

Options

disable on-download-failure

(Optional) Override the default behavior and permit certificate verification even if the CRL fails to download.
refresh-interval hours

Specify the amount of time interval in hours between certificate revocation list (CRL) updates.

  • Range: 0 through 8784 hours.

    Configuring refresh-interval value as 0 or not configuring refresh-interval is considered as same in Junos. In both the cases, CRL is updated based on the value specified for the next-update time in the received CRL.

  • Default: The CRL is updated based on the value specified for the next-update time in the received CRL. This update occurs in the following cases:

    • if the refresh-interval is not configured.
    • if the refresh-interval value is configured as 0.
url url-name

Name of the location from which to retrieve the CRL through HTTP or Lightweight Directory Access Protocol (LADP). You can specify one URL for each configured CA profile. By default, no location is specified. Use a fully qualified domain name (FQDN) or an IP address and, optionally, a port number. If no port number is specified, port 80 is used for HTTP and port 443 is used for LDAP.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.

disable option is introduced in Junos OS Release 9.0.

Related Documentation