System Administration Guide: IP Services

How to Update a Certificate Revocation List

  1. Become superuser on the system console.

    Note –

    Logging in remotely exposes security-critical traffic to eavesdropping. Even if you somehow protect the remote login, the total security of the system is reduced to the security of the remote login session.

  2. Follow the instructions from the vendor about how to extract the revoked certificates.

  3. Use the following procedure to add the revoked certificate to the CRL database.

    1. Type the ikecert certrldb -a command and type <Return>.

      # ikecert certrldb -a <Return>

    2. Paste the revoked certificate from the PKI vendor and type <Return>, then <Control-D> to end the entry.

  4. Repeat for every CRL in the revocation list.
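
Steps 3 and 4 scripted, as an added example that is not part of the original guide: each CRL block in a vendor file is passed to ikecert certrldb -a on standard input, one invocation per CRL, and incomplete blocks are skipped. It assumes the vendor delivers PEM-encoded CRLs and that a POSIX shell and awk are in use; the function names split_crls and load_crls and the file path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: load every PEM CRL found in a vendor file into the IKE
# CRL database. Run on the system console as superuser (step 1).
# Assumption: POSIX awk; on Solaris set AWK=nawk or AWK=/usr/xpg4/bin/awk.
AWK=${AWK:-awk}

# split_crls FILE OUTDIR
# Writes each complete PEM CRL block to OUTDIR/crl.N.pem and prints N.
# A block with no END line (truncated download or paste) is never written.
split_crls() {
    "$AWK" -v dir="$2" '
        { sub(/\r$/, "") }                       # tolerate CRLF from mail clients
        /^-----BEGIN X509 CRL-----/ { buf = ""; inblk = 1 }
        inblk { buf = buf $0 "\n" }
        /^-----END X509 CRL-----/ && inblk {
            n++; out = dir "/crl." n ".pem"
            printf "%s", buf > out; close(out); inblk = 0
        }
        END { print n + 0 }
    ' "$1"
}

# load_crls FILE
# Adds each CRL in FILE with its own "ikecert certrldb -a" call (step 4).
# Prints the number of CRLs added; returns nonzero if none were found or
# ikecert rejected one.
load_crls() {
    tmp=$(mktemp -d) || return 1
    count=$(split_crls "$1" "$tmp")
    if [ "$count" -eq 0 ]; then
        echo "no complete PEM CRL found in $1" >&2
        rm -rf "$tmp"; return 1
    fi
    i=1; rc=0
    while [ "$i" -le "$count" ]; do
        # Redirecting stdin replaces the paste and <Control-D> of step 3.
        if ! ikecert certrldb -a < "$tmp/crl.$i.pem" >&2; then
            echo "ikecert rejected CRL $i from $1" >&2; rc=1; break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "$count"
    return "$rc"
}

# Usage (hypothetical path): load_crls /var/tmp/vendor-crls.pem
```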