Nortel Networks NN46120-104 User Manual
Page 121
Automatic CRL Retrieval
accordance with RFC 2255).
Example:
ldap://10.42.128.30:389/cn=VeriSign CRL,o=Your Organization?CertificateRevocationList;binary
Note: RFC 2255 states that entering host information is
optional. The NVG software’s implementation of the CRL
retrieval feature, however, requires that host information be
specified.
When using HTTP or TFTP, the URL you specify must include the
specific file name you want to access. The recognized URL
syntax is a subset of RFC 1738, and can be defined as:
Example:
http://10.42.128.30/server.crl
>> Main /cfg/cert 1/revoke/automatic
>> Automatic CRL# url
Current value: ""
Enter URL to retrieve from:
2. Set the distinguished name used for binding and
authenticating the initiated LDAP session on the specified
LDAP server.
Check your LDAP server documentation for details on binding,
authentication, and access control.
Example:
cn=Bill Smith,o=Your Organization
By setting the /cfg/cert #/revoke/automatic/anonymous command to
true, you can enable anonymous binding for automatic CRL retrieval
through LDAP. In this case, the authDN and passwd commands (see the
following sections) can be set to anything, including an empty string.
When using HTTP or TFTP to retrieve a CRL, you do not need
to provide a distinguished name for binding and authentication.
>> Automatic CRL# authDN
Current value: ""
Enter DN:
3. Set the password used for binding and authenticating the
initiated LDAP session on the specified LDAP server.
Check your LDAP server documentation for details on binding,
authentication, and access control.
When using HTTP or TFTP to retrieve a CRL, you don’t need to
provide a password for binding and authentication.
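The URL and binding rules in the steps above can be checked before the values are typed at the Automatic CRL# prompts. The following is an added example, not part of the Nortel manual or the NVG software: check_crl_settings is a hypothetical helper, and two of its checks are assumptions of the example (that the LDAP URL requests the attribute shown in the manual's example, and that authDN and passwd are both non-empty when anonymous is not true).

```python
from urllib.parse import urlsplit, unquote

def check_crl_settings(url, auth_dn="", passwd="", anonymous=False):
    """Return a list of problems found in planned automatic-CRL settings.

    Hypothetical helper, not an NVG command; parameter names mirror the
    url, authDN, passwd and anonymous settings described above.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "http", "tftp"):
        return [f"unsupported scheme {scheme!r}"]
    problems = []
    # RFC 2255 makes the host optional, but the NVG requires it.
    if not parts.hostname:
        problems.append("host is missing")
    if scheme == "ldap":
        # RFC 2255 layout: ldap://host:port/dn?attributes?scope?filter
        dn = unquote(parts.path.lstrip("/"))
        attributes = parts.query.split("?")[0].lower()
        if not dn:
            problems.append("LDAP URL has no distinguished name")
        # Assumption: the attribute from the manual's example is expected.
        if "certificaterevocationlist" not in attributes:
            problems.append("LDAP URL does not request the CRL attribute")
        # Assumption: without anonymous binding, both credentials are set.
        if not anonymous and not (auth_dn and passwd):
            problems.append("authDN and passwd required unless anonymous is true")
    elif not parts.path.rsplit("/", 1)[-1]:
        # HTTP and TFTP URLs must end in a specific file name.
        problems.append("HTTP/TFTP URL must name a specific file")
    return problems

if __name__ == "__main__":
    # Constructed sample settings; the password is a placeholder.
    ldap_url = ("ldap://10.42.128.30:389/cn=VeriSign CRL,o=Your Organization"
                "?CertificateRevocationList;binary")
    samples = [
        (ldap_url, "cn=Bill Smith,o=Your Organization", "example-password", False),
        (ldap_url, "", "", False),
        ("ldap:///cn=VeriSign CRL,o=Your Organization?CertificateRevocationList;binary", "", "", True),
        ("http://10.42.128.30/", "", "", False),
    ]
    for url, dn, pw, anon in samples:
        print(url, "->", check_crl_settings(url, dn, pw, anon) or "ok")
```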
Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks.