Certificate revocation lists
When you apply for a signed personal or group certificate to install on remote clients, you can obtain the corresponding root certificate and Certificate Revocation List (CRL) from the issuing CA.
The CRL is a list of certificates that have been revoked and are no longer usable. This list includes expired, stolen, or otherwise compromised certificates. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.
When you receive the signed personal or group certificate, install the signed certificate on the remote client(s) according to the browser documentation. Install the corresponding root certificate (and CRL) from the issuing CA on the FortiAnalyzer unit according to the procedures given below.
Importing a CRL
To import a CRL:
- Go to System Settings > Certificates.
- Click Create New/Import > CRL in the toolbar.
- Click Browse... and locate the CRL file on the management computer, or drag and drop the file onto the dialog box.
- Click OK to import the CRL.
Viewing a CRL
To view a CRL:
- Go to System Settings > Certificates.
- Select the CRL you need to see details about.
- Click View Certificate Detail in the toolbar, or right-click and select View Certificate Detail. The Result page opens.
- Click OK to return to the CRL list.
Deleting a CRL
To delete a CRL or CRLs:
- Go to System Settings > Certificates.
- Select the CRL or CRLs you need to delete.
- Click Delete in the toolbar, or right-click and select Delete.
- Click OK in the confirmation dialog box to delete the selected CRL or CRLs.