
Nortel Networks NN46120-104 User Manual


Automatic CRL Retrieval


accordance with RFC 2255).
Example:

ldap://10.42.128.30:389/cn=VeriSign CRL,o=Your Organization?CertificateRevocationList;binary

Note: RFC 2255 states that entering host information is
optional. The NVG software’s implementation of the CRL
retrieval feature, however, requires that host information be
specified.

When using HTTP or TFTP, the URL you specify must include the
specific file name you want to access. The recognized URL
syntax is a subset of RFC 1738, and can be defined as:

://[:]/.

Example:

http://10.42.128.30/server.crl

>> Main /cfg/cert 1/revoke/automatic

>> Automatic CRL# url

Current value: ""

Enter URL to retrieve from:

2. Set the distinguished name used for binding and
authenticating the initiated LDAP session on the specified
LDAP server.

Check your LDAP server documentation for details on binding,
authentication, and access control.
Example:

cn=Bill Smith,o=Your Organization

By setting the /cfg/cert #/revoke/automatic/anonymous command to
true, you can enable anonymous binding for automatic CRL
retrieval through LDAP. In this case, the authDN and passwd
commands (see the following sections) can be set to anything,
including an empty string.

When using HTTP or TFTP to retrieve a CRL, you do not need
to provide a distinguished name for binding and authentication.

>> Automatic CRL# authDN

Current value: ""

Enter DN:

3. Set the password used for binding and authenticating the
initiated LDAP session on the specified LDAP server.

Check your LDAP server documentation for details on binding,
authentication, and access control.

When using HTTP or TFTP to retrieve a CRL, you don’t need to
provide a password for binding and authentication.
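
The URL rules described for the url command above, as an added example (not Nortel code): a Python pre-check that parses a CRL retrieval URL and enforces the two requirements this page states, host information always present and a specific file name for HTTP or TFTP. The function name check_crl_url and the restriction to the ldap, http and tftp schemes named on this page are assumptions of the example.

```python
from urllib.parse import urlsplit, unquote

# Assumption: only the three protocols named on this page are accepted.
SCHEMES = ("ldap", "http", "tftp")

def check_crl_url(url):
    """Parse a CRL retrieval URL; raise ValueError if it breaks a stated rule."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    # RFC 2255 makes the host optional, but the NVG requires it.
    if not parts.hostname:
        raise ValueError("host information is required")
    info = {"scheme": scheme, "host": parts.hostname, "port": parts.port}
    if scheme == "ldap":
        # RFC 2255 layout: ldap://host:port/dn?attributes?scope?filter
        fields = parts.query.split("?")
        info["dn"] = unquote(parts.path[1:])
        info["attributes"] = [a for a in unquote(fields[0]).split(",") if a]
    else:
        # HTTP/TFTP: the last path segment must be a specific file name.
        filename = parts.path.rsplit("/", 1)[-1]
        if not filename:
            raise ValueError("HTTP/TFTP URL must name a specific file")
        info["file"] = unquote(filename)
    return info

if __name__ == "__main__":
    # The first two URLs are the page's examples; the last two are
    # constructed to show each rejection.
    samples = [
        "ldap://10.42.128.30:389/cn=VeriSign CRL,o=Your Organization"
        "?CertificateRevocationList;binary",
        "http://10.42.128.30/server.crl",
        "ldap:///cn=VeriSign CRL,o=Your Organization",
        "http://10.42.128.30/",
    ]
    for url in samples:
        try:
            print("OK    ", check_crl_url(url))
        except ValueError as err:
            print("REJECT", url, "->", err)
```
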

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008

Copyright © 2007-2008 Nortel Networks.