Nortel Networks NN46120-104 User Manual
Page 118
Certificates and Client Authentication
Repeat this step for each serial number you want to add. To display the serial number (along with subject information) for a saved client certificate, use the /info/certs command.
Or, download and add your own CRL in ASCII format from a remote machine.
>> Revocation# import
Select protocol (tftp/ftp/scp/sftp) [tftp]: ftp
Enter host or IP address of server: 192.168.128.20 (example)
Enter name of file on server (PEM, DER or ASCII format): crl.ascii
Retrieving crl.ascii from 192.168.128.20
Received 12628 bytes in 0.1 seconds
Certificate revocation list found in ascii format
Revocation list added.
Use ’apply’ to activate changes.
If you have added serial numbers for particular client certificates by using the add command prior to using the import command, you will be asked if you want to merge those serial numbers to the CRL in ASCII format. If the CRL does not already include those serial numbers, choose to merge them. However, make sure that you update the original CRL with the merged serial numbers before the next download, as you will otherwise lose them. For more information about how to build your own CRL, see “Creating Your Own Certificate Revocation List” (page 119).
3. Verify that the serial numbers of the client certificates you want to revoke have been added.
>> Revocation# list
Revoked certificates:
4. Apply your changes.
>> Revocation# apply
Changes applied successfully.
--End--
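The merge caveat in the import step can be checked off the gateway before the next CRL download. The following is an added example, not taken from the Nortel manual: it compares the serial numbers added on the gateway with the original CRL file and appends any that are missing. It assumes the ASCII CRL holds one hexadecimal serial number per line and that lines starting with '#' are comments, a format this page does not specify; the function names and sample data are hypothetical.

```python
import re

# Assumption: the ASCII CRL is plain text with one hexadecimal serial number
# per line; blank lines and '#' comment lines are ignored.

def normalize_serial(raw):
    """Canonical form: upper-case hex, no separators, no leading zeros."""
    s = raw.strip().upper().replace(":", "").replace(" ", "")
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]+", s):
        raise ValueError(f"not a hexadecimal serial number: {raw!r}")
    return s.lstrip("0") or "0"

def parse_crl(text):
    """Return the ordered, de-duplicated serials found in an ASCII CRL."""
    serials = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            serial = normalize_serial(line)
            if serial not in serials:
                serials.append(serial)
    return serials

def merge_into_master(master_text, gateway_serials):
    """Return (missing, merged_text) for serials the master CRL lacks."""
    master = parse_crl(master_text)
    missing = []
    for raw in gateway_serials:
        serial = normalize_serial(raw)
        if serial not in master and serial not in missing:
            missing.append(serial)
    if not missing:
        return missing, master_text
    merged = master_text.rstrip("\n") + "\n" + "\n".join(missing) + "\n"
    return missing, merged

# Constructed sample data, not taken from a real gateway or CA.
MASTER_CRL = "# master CRL kept on the file server\n0A1B2C\n00FF10\n"
ADDED_ON_GATEWAY = ["ff10", "0a:1b:2d", "0x7E"]

if __name__ == "__main__":
    missing, merged = merge_into_master(MASTER_CRL, ADDED_ON_GATEWAY)
    print("serials missing from the master CRL:", missing)
    print(merged, end="")
```

Serials are compared in normalized form, so a serial already present with different case, separators or leading zeros is not appended a second time.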
Nortel VPN Gateway User Guide NN46120-104 02.01 Standard 14 April 2008
Copyright © 2007-2008 Nortel Networks.