Configure CRL for revocation check

Configures the parameters for the Certificate Revocation list (CRL) revocation check mode.

Syntax


crypto pki ta-profile <profile-name>revocation-check [crl] [[strict|optional] [url1 <REVOC-URL> | url2 <REVOC-URL>|[refresh-interval <hours>]

Parameters

profile-name

A name (maximum 100 characters) with a unique identifier for the Trust Anchor Profile. Ten TA profiles are supported: one for each allowed trust anchor (Root CA certificate.)

revocation-check

Applies revocation check on a TA profile.

crl

Uses CRL for revocation.

You can only specify one of these options:

strict

Sets the enforcement as strict.

optional

Sets enforcement as optional.

url1

Configures the first URL.

url2

Configures the second URL.

refresh-interval

Sets the periodic update interval in hours, default is 24.