ipsec crl
ipsec crl { ignored | optional | required }
Syntax
no ipsec crl
Command introduced before JUNOSe Release 7.1.0.
Release Information
Controls how the router checks certificate revocation lists (CRLs) when determining
Description
whether to accept a peer's certificates. The no version restores the default setting.
NOTE: This command is replacing the ike crl command. The ike crl command may
be removed completely in a future release.
Options
Global Configuration
Mode
ignored Specifies that the router will not try to find or use CRLs
optional Specifies that the router will try to find a CRL. If a CRL is found, the
peer certificate must not appear in the CRL. If no CRL is found, the peer can still
authenticate; this is the default.
required Specifies that the router must find a valid CRL; the CRL must be current,
and the peer certificate must not appear in the CRL
Chapter 10: I Commands
997
ipsec crl