Configuring the Mobility Master or Managed Device as a CRL Client
CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. is the traditional method of checking certificate validity. When you want to check certificate validity using a CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority., import the CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority.. You can import CRLs only by using the WebUI.
In the WebUI
Perform the following steps to configure the Mobility Master as a CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. client:
- In the node hierarchy, navigate to the tab.
- Expand the accordion.
- Click in the section.
- Enter the following certificate details in the
- Enter a name in the text box. This name identifies the certificate you are importing.
- Enter the certificate filename in the text box. Click the button to enter the full pathname.
- Enter a password in the text box. The password is optional.
- If you opted for using the optional password (in step c), re-enter the password in the text box.
- Select a certificate format from the drop-down list. You can import certificates of format DER, P12, PEM, PFX, PKCS12, and PKCS7.
- Select
A revocation check method (OCSP Online Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. or CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority.) can be chosen independently for every revocation checkpoint. In this example, we are only describing the CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. check method.
from the drop-down list.
section: - Click CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. appears in the section. . The
- For detailed information about an imported CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority., click the CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. from the CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. list.
- Click the
- In the section, click the record for which you want to configure the revocation checkpoint. The section is displayed.
- Select from the drop-down list.
- In the CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. you want to use for this revocation checkpoint. The CRLs listed are files that have already been imported onto the Mobility Master or the managed device. text box, enter the
accordion menu. - Click .
- Click .
- In the window, select the check box indicating the pending change and click .
When this CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. is imported, it is maintained in the store for CRLs. These CRLs are used for signature verification.
You can configure an OCSP Online Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. responder with the check method as CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. for a revocation check point using the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..
In the CLI
Run the following command to configures an OCSP Online Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. responder with the check method as CRL Certificate Revocation List. CRL is a list of revoked certificates maintained by a certification authority. for a revocation check point:
(host)[mynode](config) #crypto-local pki rcp <rcp-name>
(host)[mynode](config-submode) #crl-location file <filename>
(host)[mynode](config-submode) #revocation-check crl