Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 241

country
domain-name
ike crl
ipsec certificate-database refresh
Copyright © 2010, Juniper Networks, Inc.
Use to specify a country name used to generate certificate requests.
Example
host1(config-ipsec-identity)#country CA
Use the no version to remove the country name.
See country.
Use to specify the domain name that the router uses in IKE authentication messages
and to generate certificate requests.
The domain name is used in the SubjectAlternative DNS certificate extensions and as
an FQDN (fully qualified domain name) ID payload for IKE negotiations.
Example
host1(config-ipsec-identity)#domain-name myerx.kanata.junipernetworks.com
Use the no version to remove the domain name.
See domain-name.
Use to control how the router handles CRLs during negotiation of IKE phase 1 signature
authentication. Specify one of the following keywords:
ignored—Allows negotiations to succeed even if a CRL is invalid or the peer's
certificate appears in the CRL; this is the most lenient setting
optional—If the router finds a valid CRL, it uses it; this is the default setting
required—Requires a valid CRL; either the certificates that belong to the E Series
router or the peer must not appear in the CRL; this is the strictest setting
Example
host1(config)#ike crl ignored
Use the no version to return the CRL setting to the default, optional.
NOTE: This command has been replaced by "ipsec crl" on page 216 and
may be removed completely in a future release.
See ike crl.
Chapter 8: Configuring Digital Certificates
215