Filter
Top Products
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
245
VPN > CA Certificates
Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a way to check the validity of an existing certificate. A
certificate may be invalid for several reasons:
• It is no longer needed.
• A certificate was stolen or compromised.
• A new certificate was issued that takes precedence over the old certificate.
If a certificate is invalid, the CA may publish the certificate on a Certificate Revocation List at a
given interval, or on an online server in a X.509 v3 database using Online Certificate Status Protocol
(OCSP). Consult your CA provider for specific details on locating a CRL file or URL.
You can import the CRL by manually downloading the CRL and then importing it into the SonicWALL.
You can also enter the URL location of the CRL by entering the address in the Enter CRL’s location
(URL) for auto-import field. The CRL is downloaded automatically at intervals determined by the CA
service. Certificates are checked against the CRL by the SonicWALL for validity when they are used.
Importing a CRL List
To import a CRL list, follow these steps:
1
Click Browse for Please select a file to import.
2
Locate the PKCS#12 (*.p12) or Micorosft (*.pfx) encoded file.
3
Click Open to set the directory path to the certificate.
4
Click Import to import the certificate into the SonicWALL.
Automatic CRL Update
To enable automatic CRL updates to the SonicWALL, type the URL of the CRL server for your CA
service in the Enter CRL’s location (URL) for auto-import, then click Apply.