Configuring Crl Objects; Using Crls; Configuring Crls; Configuring Extranet Policies - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Configuring CRL Objects

Using CRLs

Configuring CRLs

Configuring Extranet Policies

Copyright © 2010, Juniper Networks, Inc.
A Certificate Revocation List (CRL) identifies invalid certificates. You can obtain a CRL file (.crl) from the CA that issued the local certificate and CA certificate for the device, then use this file to create a Certificate Revocation List object.

You must install the CRL on the managed device using NSM. Because the CRL is an object, however, you can use the same CRL for multiple devices, as long as those devices use local and CA certificates that were issued by that CA.

You can use a CRL object in a VPN to check for VPN members using revoked certificates.

After you have obtained a CRL file (.crl) from your CA, use this file to create a Certificate Revocation List object.

In Object Manager, select CRLs, then click the icon to display the New CRL dialog box. Enter a name for the CRL, then click Load CRL and load the appropriate .crl file. NSM uses the information in the .crl file to automatically complete the Issued By and Expire On fields. Click OK to complete the CRL object.
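
A pre-load check on the two values NSM reads from the .crl file (Issued By and Expire On), plus the revoked serial numbers, written as an added example that is not part of the Juniper guide. It assumes a DER-encoded CRL, matches the issuer by common name only, and does not verify the CRL signature; `precheck`, `SAMPLE_CRL` and the "Example CA" name are constructed for illustration.

```python
from datetime import datetime, timezone
CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def read_tlv(buf, pos):  # decode one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, which real CRLs need
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split SEQUENCE/SET contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_time(tag, val):
    s = val.decode("ascii")
    s = ("20" if s[:2] < "50" else "19") + s if tag == 0x17 else s  # UTCTime century
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_crl(der):
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0x02 else tbs  # skip optional version
    atvs = [children(a) for _, rdn in children(tbs[1][1]) for _, a in children(rdn)]
    cn = next((v.decode() for (_, oid), (_, v) in atvs if oid == CN_OID), None)
    rest, next_update, revoked = tbs[3:], None, []
    if rest and rest[0][0] in (0x17, 0x18):  # nextUpdate is optional
        next_update, rest = parse_time(*rest[0]), rest[1:]
    if rest and rest[0][0] == 0x30:  # revokedCertificates
        revoked = [int.from_bytes(children(e)[0][1], "big") for _, e in children(rest[0][1])]
    return {"issuer_cn": cn, "next_update": next_update, "revoked": revoked}

def precheck(der, ca_cn, now):
    """Return the reasons not to load this CRL for devices whose CA is ca_cn."""
    crl = parse_crl(der)
    stale = crl["next_update"] is None or crl["next_update"] <= now
    checks = ((crl["issuer_cn"] != ca_cn, "issuer mismatch"), (stale, "expired"))
    return [msg for bad, msg in checks if bad]

def tlv(tag, body):  # encoder for the constructed, unsigned sample CRL below
    return bytes([tag, len(body)]) + body  # short-form lengths only
_alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
_name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, b"Example CA"))))
_entry = tlv(0x30, tlv(0x02, b"\x10\x01") + tlv(0x17, b"240115000000Z"))
_tbs = tlv(0x30, tlv(0x02, b"\x01") + _alg + _name + tlv(0x17, b"240101000000Z")
           + tlv(0x17, b"240201000000Z") + tlv(0x30, _entry))
SAMPLE_CRL = tlv(0x30, _tbs + _alg + tlv(0x03, b"\x00\x00"))
```
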

Extranet policies enable you to configure and manage extranet devices (that is, third-party routers).

In this example, you want to update an existing policy on a third-party router to deny certain FTP traffic from a specific IP address. You can do this by creating a script that performs the required actions when you update the extranet device. You also need to create your rule in an Extranet Policy object.

To create an Extranet Policy object:

1. In the Object Manager, select Extranet Policies. The New ExtranetPolicyObject window appears.
2. Enter the name of the Extranet Policy, for example, Extranet Policy1. Add a comment in the Comments field.
3. Configure the Extranet Policy object:
Chapter 8: Configuring Objects