The Certificate Revocation List (CRL) can be used to verify that the certificates used by are valid and have not been compromised. A CRL is uploaded to and then associated with one or more clusters in the cluster-specific context. Whenever a certificate is used to authenticate a connection to the cluster, the CRL is checked to make sure the certificate being used has not been revoked.
FortiADC provides support for Certificate Revocation Lists (CRLs) using a central CRL store to which CRLs can be uploaded and then associated with as many clusters as required.
If a CRL attached to a cluster was generated by a Certificate Authority (CA) different from the CA used to generate a client certificate presented when connecting to the cluster, an error will occur. The CRL and client certificate must be signed by the same CA.
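The same-CA requirement and the revocation check described above can be tested offline before a CRL is uploaded and attached to a cluster. The script below is an added example, not taken from the FortiADC documentation; it assumes the `openssl` command-line tool is installed, and every CA name, subject and file name in it is a constructed demo value.

```shell
#!/bin/sh
# Added example: offline CRL checks. All CA names and files are constructed.
# 0 if the CRL issuer name equals the cert's issuer name AND the CRL signature
# verifies under the CA certificate; non-zero otherwise.
crl_matches_cert() {  # usage: crl_matches_cert ca.pem crl.pem client.pem
    [ "$(openssl crl -in "$2" -noout -hash)" = \
      "$(openssl x509 -in "$3" -noout -issuer_hash)" ] || return 1
    openssl crl -in "$2" -CAfile "$1" -noout 2>&1 | grep -q 'verify OK'
}

# 0 if the cert chains to the CA and its serial is not listed in the CRL.
cert_not_revoked() {  # usage: cert_not_revoked ca.pem crl.pem client.pem
    openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>/dev/null |
        grep -q ': OK$'
}

gen_crl() {  # usage: gen_crl dir ca ; (re)issues dir/<ca>.crl from its index
    openssl ca -config "$1/$2.cnf" -gencrl -keyfile "$1/$2.key" \
        -cert "$1/$2.pem" -out "$1/$2.crl" 2>/dev/null
}

revoke_client() {  # usage: revoke_client dir ; demo CA "a" revokes the client
    openssl ca -config "$1/a.cnf" -revoke "$1/client.pem" -keyfile "$1/a.key" \
        -cert "$1/a.pem" 2>/dev/null && gen_crl "$1" a
}

# Build two throwaway CAs (a, b), one CRL each, and a client cert from CA a.
make_demo_pki() {  # usage: make_demo_pki dir
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA $n" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null
        : > "$1/$n.idx"
        printf '[ca]\ndefault_ca=c\n[c]\ndatabase=%s\ndefault_md=sha256\ndefault_crl_days=1\n' \
            "$1/$n.idx" > "$1/$n.cnf"
        gen_crl "$1" "$n"
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/a.pem" -CAkey "$1/a.key" \
        -set_serial 1 -days 1 -out "$1/client.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
crl_matches_cert "$demo/b.pem" "$demo/b.crl" "$demo/client.pem" ||
    echo "b.crl: issuer differs from the client certificate's CA"
revoke_client "$demo"
cert_not_revoked "$demo/a.pem" "$demo/a.crl" "$demo/client.pem" ||
    echo "client.pem: revoked according to a.crl"
rm -rf "$demo"
```

To check real files, call `crl_matches_cert` and `cert_not_revoked` with the issuing CA certificate, the CRL and a sample client certificate, all in PEM format.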
Installed CRLs will be displayed in an accordion-style list. Click on each list item to expand it and display the contents of the CRL.