Crl; Importing A Certificate Revocation List - Fortinet FortiGate Series Administration Manual

Hide thumbs Also See for FortiGate Series:

Table of Contents

System Certificates

CRL

FortiGate Version 4.0 MR1 Administration Guide

01-410-89802-20090903

http://docs.fortinet.com/

A Certificate Revocation List (CRL) is a list of CA certificate subscribers paired with

certificate status information. Installed CRLs are displayed in the CRL list. The FortiGate

unit uses CRLs to ensure that the certificates belonging to CAs and remote clients are

To view installed CRLs, go to System > Certificates > CRL.

Figure 160: Certificate revocation list

Import a CRL. For more information, see

The names of existing certificate revocation lists. The FortiGate unit assigns

unique names (CRL_1, CRL_2, CRL_3, and so on) to certificate revocation lists

when they are imported.

Information about the certificate revocation lists.

Delete the selected CRL from the FortiGate configuration.

View Certificate

Display CRL details such as the issuer name and CRL update dates.

Download icon

Save a copy of the CRL to a local computer.

Certificate revocation lists from CA web sites must be kept updated on a regular basis to

ensure that clients having revoked certificates cannot establish a connection with the

FortiGate unit. After you download a CRL from the CA web site, save the CRL on a

computer that has management access to the FortiGate unit.

Note: When the CRL is configured with an LDAP, HTTP, and/or SCEP server, the latest

version of the CRL is retrieved automatically from the server when the FortiGate unit does

not have a copy of it or when the current copy expires.

To import a certificate revocation list, go to System > Certificates > CRL and select Import.

View Certificate Detail

"Importing a certificate revocation list"