Importing a CRL (Certificate revocation list)
Certificate revocation list (CRL) is a list of certificates that have been revoked and are no longer usable. This list includes certificates that have expired, been stolen, or otherwise compromised. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.
CRLs can be imported to FortiPAM.
To import a CRL:
- Go System > Certificates.
- From
+Create/Import, select CRL.
The Import CRL window opens.
- Enter the following information:
Imported Method
Select either File Based or Online Updating.
+Upload
Select and locate the certificate file on your computer.
Note: The option is only available when the Imported Method is File Based.
HTTP
Enable HTTP updating and enter the URL of the HTTP server.
Note: The option disabled by default.
Note: The pane is only available when the Imported Method is Online Updating.
LDAP
Enable LDAP updating and select an LDAP server from the dropdown or create a new one.
Use the search bar to look for an LDAP server.
Use the pen icon next to an LDAP server to edit the server.
Enter the Username and the Password.
Note: The option disabled by default.
Note: The pane is only available when the Imported Method is Online Updating.
SCEP
Enable SCEP updating and select a local certificate or create a new certificate for SCEP communication for the online CRL.
Use the search bar to look for a certificate.
Enter the URL of the SCEP server.
Note: The option disabled by default.
Note: The pane is only available when the Imported Method is Online Updating.
- Click OK.