The CRL checks property for the certificate will be left as the default value of Enforced which
means that a CRL check against the list retrieved from the http://crls.example.com server will
always be done.
Command-Line Interface
A. Configure the distribution point list:
First, add the distribution point list:
gw-world:/> add CRLDistPointList my_cdpl
Next, change the CLI context to be the list:
gw-world:/> cc CRLDistPointList my_cdpl
Then add the distribution point to the list:
gw-world:/my_cdpl> add CRLDistPoint URL=http://crls.example.com
Finally, change the CLI context back to the default:
gw-world:/my_cdpl> cc
gw-world:/>
B. Associate the distribution point list with the certificate:
gw-world:/> set Certificate my_cert CRLDistPointList=my_cdpl
Web Interface
A. Configure the distribution point list:
1. Go to: Objects > CRL Distribution Point Lists
2. Select Add > CRL Distribution Point List
3. For Name enter my_cdpl
4. Select CRL Distribution Points
5. Select Add
6. For URL enter http://crls.example.com
7. Click OK to save the distribution point
8. Click OK to save the distribution point list
B. Associate the distribution point list with the certificate:
1. Go to: Objects > Key Ring
2. Select the certificate my_cert
3. Set the Manual CRL dist. points property to be my_cdpl
4. Click OK
Chapter 3: Fundamentals
276
To Next Page
Loading...
