System > Certificates
90
SonicOS Enhanced 4.0 Administrator Guide
Importing a CRL
You can import the CRL by manually downloading the CRL and then importing it into the
SonicWALL security appliance.
Step 1 Click on the Import certificate revocation list icon. The Import CRL window is displayed.
Step 2 You can import the CRL from the certificate file by selecting Import CRL directly from a PEM
(.pem) or DER (.der or .cer) encoded file, and entering the path in the Select a CRL file to
import field or click the Browse button to navigate to the file, click Open, then click Import.
Step 3 You can also enter the URL location of the CRL by entering the address in the Enter CRL’s
location (URL) field, and then click Import. The CRL is downloaded automatically at intervals
determined by the CA service. Certificates are checked against the CRL by the SonicWALL
security appliance for validity when they are used.
Step 4 By default, if no CRL is available, a Certificate is presumed to be valid if it passes all other
checks (such as validity dates and signatures). To require that Certificates be checked against
a valid CRL, enable the Invalidate Certificates and Security Associations if CRL import or
processing fails setting.
Generating a Certificate Signing Request
Tip You should create a Certificate Policy to be used in conjunction with local certificates. A
Certificate Policy determines the authentication requirements and the authority limits
required for the validation of a certificate.