System Certificates
CRL
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
251
•
CRL
A Certificate Revocation List (CRL) is a list of CA certificate subscribers paired with
certificate status information. Installed CRLs are displayed in the CRL list. The FortiGate
unit uses CRLs to ensure that the certificates belonging to CAs and remote clients are
valid.
To view installed CRLs, go to
System > Certificates > CRL
.
Figure 146: Certificate revocation list
Importing a certificate revocation list
Certificate revocation lists from CA web sites must be kept updated on a regular basis to
ensure that clients having revoked certificates cannot establish a connection with the
FortiGate unit. After you download a CRL from the CA web site, save the CRL on a
computer that has management access to the FortiGate unit.
To import a certificate revocation list, go to
System > Certificates > CRL
and select
Import
.
Import
Import a CRL. For more information, see
“Importing a certificate revocation list”
Name
The names of existing certificate revocation lists. The FortiGate unit assigns
unique names (
CRL_1
,
CRL_2
,
CRL_3
, and so on) to certificate revocation lists
when they are imported.
Subject
Information about the certificate revocation lists.
Delete icon
Delete the selected CRL from the FortiGate configuration.
View Certificate
Detail icon
Display CRL details such as the issuer name and CRL update dates.
Download icon
Save a copy of the CRL to a local computer.
Download
View Certificate Detail
Note:
When the CRL is configured with an LDAP, HTTP, and/or SCEP server, the latest
version of the CRL is retrieved automatically from the server when the FortiGate unit does
not have a copy of it or when the current copy expires.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...