Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto pki crl request
To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki crl request command.
crypto pki crl request name
Syntax Description
| name | Specifies the name of the CA. This is the same name used when the CA was declared with the crypto pki trustpoint command. |
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
| Release | Modification |
| WebVPN Module Release 1.1 | Support for this command was introduced on the Catalyst 6500 series switches. |
Usage Guidelines
A CRL lists all the certificates of the network device that have been revoked. Revoked certificates will not be honored by your module; therefore, any IPSec device with a revoked certificate cannot exchange IP Security traffic with your module.
The first time your module receives a certificate from a peer, it will download a CRL from the CA. Your module then checks the CRL to make sure the certificate of the peer has not been revoked. (If the certificate appears on the CRL, it will not accept the certificate and will not authenticate the peer.)
A CRL can be reused with subsequent certificates until the CRL expires. If your module receives the certificate of a peer after the applicable CRL has expired, it will download the new CRL.
If your module has a CRL which has not yet expired, but you suspect that the contents of the CRL are out of date, use the crypto pki crl request command to request that the latest CRL be immediately downloaded to replace the old CRL.
This command is not saved to the configuration.
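The CRL handling described in these guidelines, as an added Python model that is not Cisco's code and not part of the original page. `CrlCache`, `FakeCa`, the serial number and the 24-hour CRL lifetime are constructed assumptions; the model shows that a certificate revoked after the download is still accepted until the cached CRL expires or is replaced on request.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Crl:
    revoked: frozenset      # serial numbers the CA had revoked when this CRL was issued
    next_update: datetime   # the CRL counts as expired from this time on

class CrlCache:
    """Model of the module's cached CRL for one CA (hypothetical class)."""
    def __init__(self, fetch):
        self.fetch = fetch  # callable(now) -> Crl; stands in for the download from the CA
        self.crl = None
        self.downloads = 0

    def request(self, now):
        """Models `crypto pki crl request name`: replace the cached CRL at once."""
        self.crl = self.fetch(now)
        self.downloads += 1

    def accept_peer(self, serial, now):
        """Return True if a peer certificate with this serial is accepted at `now`."""
        # Download on the first peer certificate, or when the cached CRL has expired.
        if self.crl is None or now >= self.crl.next_update:
            self.request(now)
        return serial not in self.crl.revoked

class FakeCa:
    """Constructed CA whose CRLs are valid for 24 hours from the download time."""
    def __init__(self):
        self.revoked = set()
    def publish(self, now):
        return Crl(frozenset(self.revoked), now + timedelta(hours=24))

def demo():
    serial = 0x1A2B                      # constructed peer certificate serial
    t0 = datetime(2024, 1, 1, 0, 0)
    ca = FakeCa()
    cache = CrlCache(ca.publish)
    first = cache.accept_peer(serial, t0)                       # CRL downloaded, peer accepted
    ca.revoked.add(serial)                                      # CA revokes the certificate
    stale = cache.accept_peer(serial, t0 + timedelta(hours=2))  # cached CRL unexpired: still accepted
    cache.request(t0 + timedelta(hours=3))                      # operator forces a refresh
    fresh = cache.accept_peer(serial, t0 + timedelta(hours=4))  # now rejected
    return [first, stale, fresh], cache.downloads

if __name__ == "__main__":
    print(demo())
```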
Examples
This example shows how to specify the timeout in seconds for each request:
webvpn(config)# crypto pki crl request
Catalyst 6500 Series Switch WebVPN Module Command