Cisco Cisco ASR 5000
Global Configuration Mode Commands (A-K)
▀ ca-crl
▄ Command Line Interface Reference, StarOS Release 18
5316
Usage
Use this command to name and fetch a CA-CRL from a specified location.
Without additional information from the CA, an issued certificate remains valid to any verifier until it
expires. To revoke certificates, the CA publishes a CRL periodically to provide an updated list of certificates
revoked, but not yet expired. Like a certificate, a CRL is a digital document signed by the CA. In addition to
a list of serial numbers of revoked certificates, the CRL includes attributes such as issuer name (same as the
issuer name in the certificate), signature (signed by the issuer using the same key that signs certificates), last
update (the time this CRL was issued), and next update (the time next CRL will be available).
Without additional information from the CA, an issued certificate remains valid to any verifier until it
expires. To revoke certificates, the CA publishes a CRL periodically to provide an updated list of certificates
revoked, but not yet expired. Like a certificate, a CRL is a digital document signed by the CA. In addition to
a list of serial numbers of revoked certificates, the CRL includes attributes such as issuer name (same as the
issuer name in the certificate), signature (signed by the issuer using the same key that signs certificates), last
update (the time this CRL was issued), and next update (the time next CRL will be available).
Example
The following command fetches a CA-CRL named
list1.pem
from a
host.com/CRLs
location and names
the list
CRL5
:
ca-crl name CRL5 pem url http://host.com/CRLs/list1.pem