Import a CRL
Certificate revocation list (CRL) is a list of certificates that have been revoked and are no longer usable. This list includes certificates that have expired, been stolen, or otherwise compromised. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.
CRLs can be imported to the FortiProxy unit.
To import a certificate revocation list:
-
From the Certificates page, select Import > CRL. The Import CRL page opens.
-
Select File Based or Online Updating.
If you select File Based, select Upload and locate the certificate file on your computer. If you select Online Updating, configure the following settings:
-
HTTP: If you enable HTTP updating, enter the URL of the HTTP server.
-
LDAP: If you enable LDAP updating, select or search for the LDAP server, enter the user name, and select Change to enter the password in the Password field.
-
SCEP: If you enable SCEP updating, select a local certificate for SCEP communication for the online CRL and enter the URL of the SCEP server.
-
-
Click OK to import the CRL.