C H A P T E R 6
7. To give the SA8220 the download address for the CRL, type the
following command:
<policygroup/richtest/service/SSL/key/client-ca/
revocation# url ftp://10.1.2.64/Certsrv/myCA.crl
user john password smith
where john is your username and smith is your
password.
You will see:
URL updated
8. To verify that the SA8220 can retrieve the CRL from your PKI,
type the following command:
<policygroup/richtest/service/SSL/key/client-ca/
revocation# refresh now
This downloads the CRL from your PKI server 10.1.2.64 to the
SA8220. You will see:
Refresh completed, revocation list was obtained
from: ftp://10.1.2.64/Certsrv/myCA.crl
9. To set up the SA8220 to periodically update the CRL, type the
following command:
<policygroup/richtest/service/SSL/key/client-
ca/revocation# refresh 480
This sets the CRL update period to 8 hours (480 minutes). You
will see:
Refresh will begin in 480 minute(s), url: ftp://
10.1.2.64/Certsrv/myCA.crl
e-Commerce Appliance Scenarios
231