Nortel Networks NN46120-104 User Manual

Certificates and Client Authentication

Repeat this step for each serial number you want to add. To display the serial number (along with subject information) for a saved client certificate, use the /info/certs command.

Or, download and add your own CRL in ASCII format from a
remote machine.

>> Revocation# import
Select protocol (tftp/ftp/scp/sftp) [tftp]: ftp
Enter host or IP address of server: 192.168.128.20 (example)
Enter name of file on server (PEM, DER or ASCII format): crl.ascii
Retrieving crl.ascii from 192.168.128.20
Received 12628 bytes in 0.1 seconds
Certificate revocation list found in ascii format
Revocation list added.
Use ’apply’ to activate changes.

If you have added serial numbers for particular client certificates by using the add command prior to using the import command, you will be asked if you want to merge those serial numbers to the CRL in ASCII format. If the CRL does not already include those serial numbers, choose to merge them. However, make sure that you update the original CRL with the merged serial numbers before the next download, as you will otherwise lose them. For more information about how to build your own CRL, see “Creating Your Own Certificate Revocation List” (page 119).

3. Verify that the serial numbers of the client certificates you want to revoke have been added.

>> Revocation# list
Revoked certificates:

4. Apply your changes.

>> Revocation# apply
Changes applied successfully.

--End--
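
The merge caveat in step 2 (update the original CRL with the locally added serial numbers before the next download), as an added example that is not part of the Nortel manual: a Python helper meant to run on the machine that hosts crl.ascii. It assumes the ASCII CRL holds one hexadecimal serial number per line; the actual layout is defined in “Creating Your Own Certificate Revocation List” (page 119), and the function names and sample serial numbers are constructed for illustration.

```python
import re

def normalize_serial(text):
    """Canonical form: uppercase hex, no '0x', no ':' or spaces, no leading zeros."""
    s = re.sub(r"[:\s]", "", text)
    s = re.sub(r"^0[xX]", "", s)
    if not s:
        return None  # blank line
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError(f"not a hex serial number: {text!r}")
    return s.upper().lstrip("0") or "0"

def parse_serials(lines):
    """Normalize each line, drop blanks and duplicates, keep first-seen order."""
    seen, out = set(), []
    for line in lines:
        s = normalize_serial(line)
        if s is not None and s not in seen:
            seen.add(s)
            out.append(s)
    return out

def merge_into_master(master_text, local_serials):
    """Append serials added on the gateway that the master CRL file lacks.

    Existing master lines are left byte-for-byte as they were; only the
    missing serials are appended. Returns (merged_text, missing_serials).
    """
    have = set(parse_serials(master_text.splitlines()))
    missing = [s for s in parse_serials(local_serials) if s not in have]
    body = master_text
    if body and not body.endswith("\n"):
        body += "\n"
    return body + "".join(s + "\n" for s in missing), missing

# Constructed sample data (assumed format: one hex serial per line).
MASTER_CRL = "01A4\n00:ff:10\n7B"
# Serials entered on the gateway with the add command, e.g. copied by hand
# from the output of the list command; notation varies on purpose.
LOCAL_ADDED = ["1a4", "0x2C", "7b", "2c"]

if __name__ == "__main__":
    merged, missing = merge_into_master(MASTER_CRL, LOCAL_ADDED)
    print("Serials the next import would drop:", missing)
    print(merged, end="")
```

Write the merged text back to the file on the server before the gateway next retrieves it; a second run against the merged file reports nothing missing.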

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008. Copyright © 2007-2008 Nortel Networks.