Cisco Packet Data Interworking Function (PDIF) Brochure
IPSec Certificates
CRL Fetching
Cisco StarOS IP Security (IPSec) Reference
Download from CDP Extension of Peer Certificate
The following diagram illustrates peer certificate validations against CRLs. The CRL is fetched based on its CDP
extension.
Figure 26. Call Flow: CRL Download from CDP Extension of Peer Certificate
The peer certificate is then verified against the CRL. Based on its status, the IKE_AUTH proceeds.
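The check described above, as an added example that is not part of the original document and not StarOS code. It assumes the Python cryptography package, a throwaway test CA, a constructed CDP URL, and a dictionary lookup standing in for the CRL download:

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

CDP_URL = "http://crl.example.test/ca.crl"  # constructed CDP URL (assumption)
NOW = dt.datetime.now(dt.timezone.utc)

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, pub, ca_key, serial):  # constructed test cert with a CDP extension
    cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
        full_name=[x509.UniformResourceIdentifier(CDP_URL)],
        relative_name=None, reasons=None, crl_issuer=None)])
    return (x509.CertificateBuilder().subject_name(_name(cn))
            .issuer_name(_name("Test CA")).public_key(pub).serial_number(serial)
            .not_valid_before(NOW - dt.timedelta(days=1))
            .not_valid_after(NOW + dt.timedelta(days=30))
            .add_extension(cdp, critical=False).sign(ca_key, hashes.SHA256()))

def make_crl(ca_key, revoked_serials):  # constructed DER CRL signed by the CA key
    b = (x509.CertificateRevocationListBuilder().issuer_name(_name("Test CA"))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=1)))
    for s in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(s).revocation_date(NOW).build())
    return b.sign(ca_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)

def cdp_urls(cert):
    """URIs listed in the certificate's CRL Distribution Points extension."""
    ext = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS)
    return [n.value for dp in ext.value for n in (dp.full_name or [])
            if isinstance(n, x509.UniformResourceIdentifier)]

def peer_status(peer, ca_cert, fetch):
    """Fetch the CRL named by the peer's CDP, authenticate it, look up the serial."""
    crl = x509.load_der_x509_crl(fetch(cdp_urls(peer)[0]))
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL is not issued and signed by the trusted CA")
    hit = crl.get_revoked_certificate_by_serial_number(peer.serial_number)
    return "revoked" if hit is not None else "good"

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca = make_cert("Test CA", ca_key.public_key(), ca_key, 1)
    peer_pub = ec.generate_private_key(ec.SECP256R1()).public_key()
    peers = {s: make_cert(f"peer-{s}", peer_pub, ca_key, s) for s in (100, 101)}
    store = {CDP_URL: make_crl(ca_key, [101])}  # stands in for the HTTP download
    return {s: peer_status(c, ca, store.__getitem__) for s, c in peers.items()}
```

The CRL's issuer and signature are checked before its contents are used, because the CDP URL comes from the peer's own certificate and the download is typically unauthenticated.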
CLI Commands
Important:
The commands described below appear in the CLI for this release. However, they have not been
qualified for use with any current Cisco StarOS gateway products.
Global Configuration Mode
ca-crl name
This command configures the name and URL path of a Certificate Authority-Certificate Revocation List (CA-CRL).
The configuration sequence is as follows:
configure
ca-crl name name { der | pem } { url url }