Configuring the Mobility Master or Managed Device as a CRL Client

A Certificate Revocation List (CRL) is a list of revoked certificates maintained by a certification authority. CRL is the traditional method of checking certificate validity. When you want to check certificate validity using a CRL, import the CRL. You can import CRLs only by using the WebUI.

In the WebUI

Perform the following steps to configure the Mobility Master as a CRL client:

  1. In the Mobility Master node hierarchy, navigate to the Configuration > System > Certificates tab.
  2. Expand the Import Certificates accordion.
  3. Click + in the Import Certificates section.
  4. Enter the following certificate details in the New Certificate section:
    1. Enter a name in the Certificate name text box. This name identifies the certificate you are importing.
    2. Enter the certificate filename in the Certificate filename text box. Click the Browse button to enter the full pathname.
    3. Enter a password in the Optional passphrase text box. The password is optional.
    4. If you entered an optional passphrase in the previous step, re-enter it in the Retype passphrase text box.
    5. Select a certificate format from the Certificate format drop-down list. You can import certificates of format DER, P12, PEM, PFX, PKCS12, and PKCS7.
    6. Select CRL from the Certificate type drop-down list.
  5. When this CRL is imported, it is maintained in the store for CRLs. These CRLs are used for signature verification.

  6. Click Submit. The CRL appears in the Import Certificates section.
  7. For detailed information about an imported CRL, click the CRL from the CRL list.
  8. Click the Revocation Checkpoint accordion menu.
    1. In the Revocation Checkpoint section, click the record for which you want to configure the revocation checkpoint. The Revocation Checkpoint > <RCP name> section is displayed.
    2. Select crl from the Revocation method 1 drop-down list.
    3. In the CRL location text box, enter the CRL you want to use for this revocation checkpoint. The CRLs listed are files that have already been imported onto the Mobility Master or the managed device.
  9. Click Submit.
  10. Click Pending Changes.
  11. In the Pending Changes window, select the check box indicating the pending change and click Deploy Changes.
  12. You can configure an OCSP (Online Certificate Status Protocol) responder with the check method as CRL for a revocation checkpoint using the CLI.

In the CLI

Run the following commands to configure an OCSP responder with the check method as CRL for a revocation checkpoint:

(host)[mynode](config) #crypto-local pki rcp <rcp-name>

(host)[mynode](config-submode) #crl-location file <filename>

(host)[mynode](config-submode) #revocation-check crl
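
Because an imported CRL is a file that sits in the CRL store, it is worth confirming before the WebUI import that the file parses and that its nextUpdate time has not passed. The following Python code is an added example, not part of the original page or of ArubaOS: it reads a DER or PEM CRL using only the standard library and does not verify the CRL signature. The names `crl_summary` and `SAMPLE_CRL` and the sample CRL itself (made-up issuer, dummy signature) are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

def tlv(buf, pos=0):
    """Read one DER element at pos and return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split SEQUENCE content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def der_time(tag, val):  # UTCTime (0x17) or GeneralizedTime (0x18) -> aware datetime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def crl_summary(data, now=None):
    """Summarise a DER or PEM CRL. The CRL signature is NOT verified here."""
    if b"-----BEGIN X509 CRL-----" in data:  # PEM: decode the base64 body
        data = base64.b64decode(data.split(b"CRL-----", 1)[1].split(b"-----END")[0])
    tag, cert_list, _ = tlv(data)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    fields = children(children(cert_list)[0][1])  # fields of tbsCertList
    fields = fields[3:] if fields[0][0] == 0x02 else fields[2:]  # skip version, alg, issuer
    has_next = len(fields) > 1 and fields[1][0] in (0x17, 0x18)
    next_update = der_time(*fields[1]) if has_next else None
    rest = fields[2:] if has_next else fields[1:]
    revoked = len(children(rest[0][1])) if rest and rest[0][0] == 0x30 else 0
    return {"this_update": der_time(*fields[0]), "next_update": next_update, "revoked": revoked,
            "stale": has_next and (now or datetime.now(timezone.utc)) > next_update}

def _der(tag, *parts):  # sample builder only: short-form lengths (< 128 bytes)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample CRL (made-up issuer, dummy signature), not from any real CA.
_ALG = _der(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
_NAME = _der(0x30, _der(0x31, _der(0x30, bytes.fromhex("0603550403"), _der(0x0C, b"Constructed CA"))))
_TBS = _der(0x30, _der(0x02, b"\x01"), _ALG, _NAME, _der(0x17, b"240101000000Z"), _der(0x17, b"240108000000Z"),
            _der(0x30, _der(0x30, _der(0x02, b"\x2a"), _der(0x17, b"231215000000Z"))))  # one revoked serial
SAMPLE_CRL = _der(0x30, _TBS, _ALG, _der(0x03, b"\x00\x00"))
```

For a real file, pass its bytes, for example `crl_summary(open(path, "rb").read())`, and treat `stale` being true as a reason to fetch a fresh CRL from the issuing CA before importing.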