SonicWALL TZ 190 Manuale Utente

You can import the CRL by manually downloading the CRL and then importing it into the 
SonicWALL security appliance.

Click on the Import certificate revocation list

 icon. The Import CRL window is displayed.

You can import the CRL from the certificate file by selecting Import CRL directly from a PEM 
(.pem) or DER (.der or .cer) encoded file, and entering the path in the Select a CRL file to 
import field or click the Browse button to navigate to the file, click Open, then click Import.

You can also enter the URL location of the CRL by entering the address in the Enter CRL’s 
location (URL) field, and then click Import. The CRL is downloaded automatically at intervals 
determined by the CA service. Certificates are checked against the CRL by the SonicWALL 
security appliance for validity when they are used.

By default, if no CRL is available, a Certificate is presumed to be valid if it passes all other 
checks (such as validity dates and signatures). To require that Certificates be checked against 
a valid CRL, enable the Invalidate Certificates and Security Associations if CRL import or 
processing fails setting.

You should create a Certificate Policy to be used in conjunction with local certificates. A 
Certificate Policy determines the authentication requirements and the authority limits 
required for the validation of a certificate.