CRL Distribution Points - Nortel NN46110-600 User Manual

VPN router security — servers, authentication, and certificates

90 Chapter 3 Using certificates

CRL distribution points

CRL distribution points (CDP) identify how vendor-specific CRL information is
obtained. CDP is supported for Entrust CAs. When it is implemented, users
authenticate only against the CRL that is specified in the certificate CDP, which
provides faster tunnel establishment.
configured CRL servers for the CA that you can edit or delete. You can
configure and add a new CRL server in the New CRL Server section.

2. In the Search Base field, enter the portion of the X.500 directory where the
   CA stores certificate revocation lists. The following is a sample search base
   entry:
   ou=Engineering, o=Nortel, c=US
3. In the Host field, enter the host name or IP address of the LDAP-accessible
   directory server that is storing the published CRLs. If you use a host name
   instead of an IP address, then you must configure one or more DNS servers on
   the System > Identity window.
4. In the Connection field, enter the port number associated with the LDAP
   server. Optionally, enable Secure Socket Layer (SSL) to secure the
   connection with the LDAP server. SSL is not required for handling CRLs
   because a CRL is signed and is therefore protected against modification and
   spoofing.
5. Select Enabled or Disabled to enable or disable the CRL server.

Figure 15 is an example of CRL distribution points.
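The Connection field step relies on the CRL signature rather than SSL, which holds only when the device that fetches the CRL verifies it. The following Go program is an added example, not taken from the Nortel manual and not a description of how the VPN Router is implemented: it checks a CRL against the issuing CA and, going one step beyond the text, also rejects a CRL that is outside its thisUpdate/nextUpdate window. The names checkCRL, sampleCRL and must, and the constructed test CA, are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkCRL accepts fetched CRL bytes only if the CA signed them and they are current.
func checkCRL(der []byte, ca *x509.Certificate, now time.Time) error {
	rl, err := x509.ParseRevocationList(der)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	if err := rl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	if now.Before(rl.ThisUpdate) || now.After(rl.NextUpdate) {
		return fmt.Errorf("stale: valid %v to %v", rl.ThisUpdate, rl.NextUpdate)
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCRL builds a constructed test CA and a 24-hour CRL signed by it.
func sampleCRL(issued time.Time) (*x509.Certificate, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Constructed Test CA"}, KeyUsage: x509.KeyUsageCRLSign,
		NotBefore: issued, NotAfter: issued.AddDate(1, 0, 0)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	return ca, must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: issued, NextUpdate: issued.Add(24 * time.Hour)}, ca, key))
}

func main() {
	ca, crl := sampleCRL(time.Now())
	fmt.Println("fresh:", checkCRL(crl, ca, time.Now()), "| after 48h:", checkCRL(crl, ca, time.Now().Add(48*time.Hour)))
}
```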
