PKI Certificate Support
CRL Configuration
1. The CRL can be retrieved through the LDAP client and the SCEP client. The CRL can also be imported manually (cut and paste method). The LDAP client supports the periodic download of CRLs.
2. LDAP client configuration.
R1/configure/crypto/ca/trustpoint ms2003> crl query ldap://192.168.114.3/ou=security,o=tasman,c=us
3. SCEP client configuration.
R1/configure/crypto/ca/trustpoint ms2003> enrollment url http://192.168.114.2/certsrv/mscep/mscep.dll/
4. Manual CRL download.
R1/configure/crypto/ca/trustpoint ms2003> enrollment terminal
5. Fetch the CRL. If configured, the LDAP client is used to fetch the CRL. If the SCEP client is configured, the CRL is downloaded using SCEP. If the enrollment mode is manual, the user is prompted to paste the CRL in PEM format.
R1/configure/crypto/ca/crl> request ms2003
Note:
All certificates are saved in the Certificates.dat file and private keys are stored in the Keys.dat file. Because private keys must be stored securely, they are stored in an encrypted format.
Avaya Secure Router 1000 Series Configuration Guide
December 2010
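For the manual (terminal) mode in step 5, a pre-check that reads thisUpdate and nextUpdate from a PEM CRL before it is pasted, so a malformed or already expired file is caught on the workstation. This is an added example, not from the Avaya guide; it does not verify the CRL signature, and `crl_validity` and the sample skeleton are constructed for illustration.

```python
import base64
import re
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def _time(tag, raw):
    # Decode UTCTime (0x17) or GeneralizedTime (0x18) given in 'Z' form.
    text = raw.decode("ascii")
    if tag == 0x17:  # RFC 5280: YY >= 50 means 19YY, otherwise 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("expected a Time value")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(pem_text):
    """Return (thisUpdate, nextUpdate or None). Structure only, no signature check."""
    m = re.search(r"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", pem_text, re.S)
    if not m:
        raise ValueError("no X509 CRL PEM block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    _, pos, _ = _tlv(der, 0)            # CertificateList
    _, pos, end = _tlv(der, pos)        # tbsCertList
    tag, _, after = _tlv(der, pos)
    if tag == 0x02:                     # optional version INTEGER
        pos = after
    for _ in range(2):                  # skip signature algorithm, issuer
        _, _, pos = _tlv(der, pos)
    tag, start, pos = _tlv(der, pos)    # thisUpdate
    this_update, next_update = _time(tag, der[start:pos]), None
    if pos < end:
        tag, start, stop = _tlv(der, pos)
        if tag in (0x17, 0x18):         # nextUpdate is optional
            next_update = _time(tag, der[start:stop])
    return this_update, next_update

# Constructed sample: unsigned skeleton with the CRL field layout, not a real CRL.
_d = lambda tag, body: bytes([tag, len(body)]) + body
_tbs = _d(0x30, _d(2, b"\x01") + _d(0x30, b"") + _d(0x30, b"")
          + _d(0x17, b"101201000000Z") + _d(0x17, b"101208000000Z"))
_crl = _d(0x30, _tbs + _d(0x30, b"") + _d(3, b"\x00"))
SAMPLE_PEM = "-----BEGIN X509 CRL-----\n" + base64.encodebytes(_crl).decode() + "-----END X509 CRL-----\n"
```

Compare the returned nextUpdate with the current UTC time; a CRL whose nextUpdate has passed should be re-downloaded from the CA rather than pasted.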