Certificate Revocation List (CRL) - SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

Sonicwall internet security appliance

Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a way to check the validity of an existing certificate. A certificate may be invalid for several reasons:
- It is no longer needed.
- A certificate was stolen or compromised.
- A new certificate was issued that takes precedence over the old certificate.
If a certificate is invalid, the CA may publish the certificate on a Certificate Revocation List at a given
interval, or on an online server in an X.509 v3 database using Online Certificate Status Protocol (OCSP).
Consult your CA provider for specific details on locating a CRL file or URL.
Tip! The SonicWALL supports obtaining the CRL via HTTP or manually downloading the list.
You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL. You
can also enter the URL location of the CRL by entering the address in the Enter CRL's location (URL)
for auto-import field. The CRL is downloaded automatically at intervals determined by the CA service.
Certificates are checked against the CRL by the SonicWALL for validity when they are used.
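
The check described above, sketched as an added example (not SonicOS code and not from the manual): verify that the CRL is signed by the CA, that it is still within its update window, and only then look up the certificate's serial number. It uses the third-party Python `cryptography` package; the function names, the throwaway CA key, the serial numbers and the dates are constructed for illustration, and returning "unknown" for a stale list is this example's choice.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _utc_naive(crl, field):
    # cryptography >= 42 exposes timezone-aware *_utc fields; older releases only naive UTC.
    value = getattr(crl, field + "_utc", None) or getattr(crl, field)
    return value.replace(tzinfo=None)

def check_revocation(crl_der, ca_public_key, serial, now):
    """Return 'revoked', 'good' or 'unknown' for a certificate serial number.

    `now` is a naive UTC datetime."""
    crl = x509.load_der_x509_crl(crl_der)
    if not crl.is_signature_valid(ca_public_key):
        return "unknown"  # not signed by the trusted CA: do not rely on its contents
    if not _utc_naive(crl, "last_update") <= now < _utc_naive(crl, "next_update"):
        return "unknown"  # stale or not yet valid: a newer list may revoke this serial
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if entry is not None else "good"

def build_sample_crl(ca_key, issued, revoked_serials):
    """Constructed test data: a CRL valid for 7 days from `issued`."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(name)
               .last_update(issued)
               .next_update(issued + dt.timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(issued).build())
    crl = builder.sign(ca_key, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.DER)

# Constructed sample: throwaway CA key, CRL issued 2024-01-01 revoking serial 0x1001.
CA_KEY = ec.generate_private_key(ec.SECP256R1())
CRL_DER = build_sample_crl(CA_KEY, dt.datetime(2024, 1, 1), [0x1001])

if __name__ == "__main__":
    ca_pub = CA_KEY.public_key()
    for serial, when in [(0x1001, dt.datetime(2024, 1, 3)),
                         (0x1002, dt.datetime(2024, 1, 3)),
                         (0x1002, dt.datetime(2024, 1, 10))]:
        print(hex(serial), when.date(), check_revocation(CRL_DER, ca_pub, serial, when))
```
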
Importing a CRL List
To import a CRL list, follow these steps:
1. Click Browse for Please select a file to import.
2. Locate the PKCS#12 (*.p12) or Microsoft (*.pfx) encoded file.
3. Click Open to set the directory path to the certificate.
4. Click Import to import the certificate into the SonicWALL.
Automatic CRL Update
To enable automatic CRL updates to the SonicWALL, type the URL of the CRL server for your CA service
in the Enter CRL's location (URL) for auto-import field, then click Apply.