Table of Contents
Advertisement
CRL attribute specified in the URL is performed on the LDAP server. For more information
about the implementation details behind these operations, see RFC 2251.
1. Specify the URL from which the CRL list should be retrieved.
2. Set the distinguished name used for binding and authenticating the initiated LDAP
User Guide
This step sets the complete URL for retrieving a CRL using LDAP, HTTP, or TFTP.
If you are not using the default TCP port of the respective protocol, the TCP port
number must also be included in the URL.
If you want to retrieve CRLs from an LDAP server, you need to provide the
distinguished name of the specific object on the LDAP server, together with the
attribute that holds the CRL (all in accordance with RFC 2255). Example:
ldap://10.42.128.30:389/cn=VeriSign CRL,o=Your Organization?
CertificateDiscHyphenRevocationList;binary
Note:
RFC 2255 states that entering host information is optional. The AVG software's
implementation of the CRL retrieval feature however requires that host
information is specified.
Using HTTP or TFTP, the URL you specify must include the specific file name you
want to access. The recognized URL syntax is a subset of RFC 1738, and can be
defined as:
<proto>://<host>[:<port>]/<path>.
Example:
http://10.42.128.30/server.crl
/cfg/cert 1/revoke/automatic
>> Main
url
>> Automatic CRL#
""
Current value:
Enter URL to retrieve from:
session on the specified LDAP server.
Check your LDAP server documentation for details on binding, authentication, and
access control. Example:
cn=Bill Smith,o=Your Organization
By setting the /cfg/cert #/revoke/automatic/anonymous command to
true, you can enable anonymous binding for automatic CRL retrieval through
LDAP. In this case, the authDN and passwd commands (see the following
sections) can be set to anything, including an empty string.
Managing Revocation of Client Certificates
April 2013
113
Advertisement
Table of Contents
