HP Traffic Director sa7220 User Manual

C H A P T E R 5

HP Traffic Director Server Appliances User Guide

190

config policygroup
service key client-ca
revocation mode

NOTE: When mode is
disabled, the presence of a
valid CRL is irrelevant,
since no client certificate
checking will occur. When
mode is enabled, a missing
or invalid CRL will cause
the service to become
disabled. Changing the
mode to disabled, or
importing a valid CRL, will
re-enable the service.

Sets the mode to disable or enable.

config policygroup service

key client-ca revocation

[mode]

where:
•

policy-name

is the name of a policy group

•

service-name

is the name of a service

•

disable

means that client certificates are not checked

against the CRL (the default setting)

•

enable

means that client certificates are validated against the

CRL

config policygroup
service key client-ca
revocation refresh

NOTE: The refresh
command supports both
DER and PEM format
revocation lists.

Sets the interval at which the SA8220 will download the CRL
from a certificate server.

config policygroup service

key client-ca revocation

[refresh]

where:
•

policy-name

is the name of a policy group

•

service-name

is the name of a service

•

interval

is an integer representing the number of minutes

from 0 to 625600 (1 year) to wait between attempted retrievals
of a CRL from a URL specified using the

url

parameter

below. A value of 0 disables the feature, and a value of 30 will
attempt to retrieve the CRL every 30 minutes.

•

now

causes the CRL to be downloaded immediately

Command

Description