Send documentation comments to mdsfeedback-doc@cisco.com
4-108
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 4 C Commands
crypto ca crl request
crypto ca crl request
To configure a new certificate revocation list (CRL) downloaded from the certificate authority (CA), use
the crypto ca crl request command in configuration mode.
crypto ca crl request trustpoint-label source-file
Syntax Description
Defaults None.
Command Modes Configuration mode.
Command History
Usage Guidelines Cisco MDS SAN-OS allows you to pre-download CRLs for the trust points and cache the CRLs in the
cert store using the crypto ca crl request command. During the verification of a peer certificate by
IPsec/IKE or SSH, the issuer CA’s CRL will be consulted only if it had already been configured locally,
and revocation checking is configured to use CRL. Otherwise, CRL checking is not done and a certificate
is considered to be not revoked if no other revocation checking methods are configured. This mode of
CRL checking is called CRL optional.
The other modes of revocation checking are called CRL best-effort and CRL mandatory. In these modes,
if the CRL is not found locally, there is an attempt to fetch it automatically from the CA. These modes
are not supported in MDS SAN-OS release 3.0(1).
The CRL file specified should contain the latest CRL in either Privacy Enhanced Mail (PEM) format or
Distinguished Encoding Rules (DER) format.
Note The trust point configuration (created by the crypto ca trustpoint command) is persistent only if saved
explicitly using the copy running-config startup-config command. The certificates and CRL associated
to a trust point are automatically made persistent if the trust point in question was already saved in the
startup configuration. Conversely, if the trust point was not saved in the startup configuration, the
certificates and CRL associated to it are not made persistent automatically because they do not exist
without the corresponding trust point after the switch reboots.
To ensure the that the configured certificates, CRLs and key pairs are made persistent, always save the
running configuration to the startup configuration.
trustpoint-label Specifies the name of the trust point. The maximum size is 64
characters.
source-file Specifies the location of the CRL in the form bootflash:filename. The
maximum size is 512.
Release Modification
3.0(1) This command was introduced.
To Next Page
Loading...
Need help?
General
