System Certificates CRL
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 309
http://docs.fortinet.com/ • Feedback
CRL
A Certificate Revocation List (CRL) is a list of CA certificate subscribers paired with
certificate status information. Installed CRLs are displayed in the CRL list. The FortiGate
unit uses CRLs to ensure that the certificates belonging to CAs and remote clients are
valid.
To view installed CRLs, go to System > Certificates > CRL.
Figure 160: Certificate revocation list
Import                        Import a CRL. For more information, see “Importing a certificate
                              revocation list” on page 309.
Name                          The names of existing certificate revocation lists. The FortiGate unit
                              assigns unique names (CRL_1, CRL_2, CRL_3, and so on) to certificate
                              revocation lists when they are imported.
Subject                       Information about the certificate revocation lists.
Delete icon                   Delete the selected CRL from the FortiGate configuration.
View Certificate Detail icon  Display CRL details such as the issuer name and CRL update dates.
Download icon                 Save a copy of the CRL to a local computer.
Importing a certificate revocation list
Certificate revocation lists from CA web sites must be kept updated on a regular basis to
ensure that clients having revoked certificates cannot establish a connection with the
FortiGate unit. After you download a CRL from the CA web site, save the CRL on a
computer that has management access to the FortiGate unit.
To import a certificate revocation list, go to System > Certificates > CRL and select Import.
Note: When the CRL is configured with an LDAP, HTTP, and/or SCEP server, the latest
version of the CRL is retrieved automatically from the server when the FortiGate unit does
not have a copy of it or when the current copy expires.
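The following added example (not part of the Fortinet guide) checks a downloaded CRL on the management computer before it is imported: it prints the issuer and update dates, verifies the CRL signature against the CA certificate, and rejects a CRL whose nextUpdate has passed. It assumes the OpenSSL command line tool and GNU date are installed; the function names, file names and the throwaway test CA are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-import check of a downloaded CRL (OpenSSL CLI + GNU date assumed).

# crl_check CRL_FILE CA_CERT_PEM
# Prints issuer and update dates. Returns 0 = current and signed by the CA,
# 1 = not a readable CRL, 2 = signature not verified, 3 = nextUpdate has passed.
crl_check() {
    local crl="$1" ca="$2" fmt=DER next
    # CRLs are published as DER or PEM; only PEM files carry this marker line.
    grep -q -e '-----BEGIN X509 CRL-----' "$crl" 2>/dev/null && fmt=PEM
    openssl crl -inform "$fmt" -in "$crl" -noout -issuer -lastupdate -nextupdate \
        2>/dev/null || return 1
    # openssl reports the signature result as text ("verify OK") on stderr.
    openssl crl -inform "$fmt" -in "$crl" -CAfile "$ca" -noout 2>&1 \
        | grep -q 'verify OK' || return 2
    next=$(openssl crl -inform "$fmt" -in "$crl" -noout -nextupdate)
    next=${next#nextUpdate=}
    # A CRL whose nextUpdate is absent or unparsable is treated as stale.
    [ "$(date -u -d "$next" +%s 2>/dev/null || echo 0)" -gt "$(date -u +%s)" ] || return 3
}

# Constructed sample input: a throwaway CA and an empty CRL.
# make_sample DIR [CRL_LIFETIME_SECONDS]   (all names here are hypothetical)
make_sample() {
    local d="$1"
    : > "$d/index.txt"
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[ca]' 'default_ca=c' \
        '[c]' "database=$d/index.txt" 'default_md=sha256' > "$d/ca.cnf"
    openssl req -config "$d/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl ca -config "$d/ca.cnf" -gencrl -keyfile "$d/ca.key" -cert "$d/ca.crt" \
        -crlsec "${2:-86400}" -out "$d/sample.crl" 2>/dev/null
}

demo=$(mktemp -d) && make_sample "$demo" \
    && crl_check "$demo/sample.crl" "$demo/ca.crt" && echo "CRL is current: safe to import"
```

In practice, replace the constructed sample with the CRL and CA certificate downloaded from the CA web site, and import the CRL only when crl_check returns 0.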