Table of Contents
Advertisement
VPN Certificates
CRL
Importing a certificate revocation list
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
A Certificate Revocation List (CRL) is a list of CA certificate subscribers paired
with certificate status information. Installed CRLs are displayed in the CRL list.
The FortiGate unit uses CRLs to ensure that the certificates belonging to CAs and
remote clients are valid.
To view installed CRLs, go to VPN > Certificates > CRL.
Figure 198:Certificate revocation list
Import
Import a CRL. See
Name
The names of existing certificate revocation lists. The FortiGate unit
assigns unique names (CRL_1, CRL_2, CRL_3, and so on) to
certificate revocation lists when they are imported.
Subject
Information about the certificate revocation lists.
Delete icon
Delete the selected CRL from the FortiGate configuration.
View Certificate
Display CRL details such as the issuer name and CRL update dates.
See example
Detail icon
Download icon
Save a copy of the CRL to a local computer.
Figure 199:CRL Certificate Detail
Certificate revocation lists from CA web sites must be kept updated on a regular
basisFortiGate to ensure that clients having revoked certificates cannot establish
a connection with the FortiGate unit. After you download a CRL from the CA web
site, save the CRL on a computer that has management access to the FortiGate
unit.
Note: When the CRL is configured with an LDAP, HTTP, and/or SCEP server, the latest
version of the CRL is retrieved automatically from the server when the FortiGate unit does
not have a copy of it or when the current copy expires.
To import a certificate revocation list, go to VPN > Certificates > CRL and select
Import.
View Certificate Detail
"Importing a certificate revocation list" on page
Figure
199.
CRL
Download
317.
317
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
