Administration | Certificate Management | Certificates | CRL
14-47
VPN 3000 Concentrator Series User Guide
serial number. Enabling CRL checking means that every time the VPN Concentrator uses the certificate
for authentication, it also checks the latest CRL to ensure that the certificate has not been revoked.
CAs use LDAP databases to store and distribute CRLs. They may also use other means, but the VPN
Concentrator relies on LDAP access.
Since the system has to fetch and examine the CRL from a network distribution point, enabling CRL
checking may slow system response times. Also, if the network is slow or congested, CRL checking may
fail.
Many certificates include the location of the CRL distribution point. View the certificate to determine
its presence. If the CRL distribution point is present in the certificate in the proper format, you need not
configure any fields below the checkbox on this screen.
Figure 14-40: Administration | Certificate Management | Certificates | CRL screen
Certificate
The certificate for which you are configuring CRL checking. This is the name in Subject field of
Certificate Authorities table on Administration | Certificate Management | Certificates screen.
Enable CRL Checking
Check this box to enable CRL checking on all certificates issued by this CA under its root. The box is
not checked by default.
If this certificate does not include
CRL Distribution Point information, you must configure the fields that
follow. Otherwise, ignore them. Contact the security administrator at the CA to get the proper entries for
these fields.
Server
Enter the IP address or hostname of the CRL distribution point server (LDAP server). Maximum 32
characters.
To Next Page
Loading...
Need help?
General