
Certificate Revocation Lists

The Certificate Revocation List (CRL) can be used to verify that the certificates used by are valid and have not been compromised. A CRL is uploaded to and then associated with one or more clusters in the cluster specific context. Whenever a certificate is used to authenticate a connection to the cluster, the CRL is checked to make sure the certificate being used has not been revoked.

FortiADC provides support for Certificate Revocation Lists (CRLs) using a central CRL store to which CRLs can be uploaded and then associated with as many clusters as required.

If a CRL attached to a cluster was generated by a Certificate Authority (CA) other than the CA that generated the client certificate presented when connecting to the cluster, an error will occur. The CRL and client certificate must be signed by the same CA.
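
One way to check the same-CA requirement before uploading a CRL, shown as an added example that is not part of the FortiADC documentation or product: the script uses the openssl command line to confirm that a CRL and a client certificate both verify against one CA certificate. The CA names rootA and rootB, the file names and the helper functions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not FortiADC code): confirm a CRL and a client certificate
# were issued by the same CA. All names and files below are constructed.

# same_ca CA_PEM CRL_PEM CERT_PEM -> exit 0 only if both verify against CA_PEM
same_ca() {
    # `openssl crl` reports the signature check as text, so match on it.
    openssl crl -in "$2" -CAfile "$1" -noout 2>&1 | grep -q 'verify OK' || return 1
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
}

# make_ca DIR NAME: throwaway CA key, certificate and empty CRL under DIR/NAME
make_ca() {
    d=$1/$2; mkdir -p "$d"; : > "$d/index.txt"; echo 01 > "$d/crlnumber"
    cat > "$d/ca.cnf" <<EOF
[ca]
default_ca = c
[c]
database = $d/index.txt
crlnumber = $d/crlnumber
default_md = sha256
default_crl_days = 1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl ca -gencrl -config "$d/ca.cnf" -cert "$d/ca.pem" \
        -keyfile "$d/ca.key" -out "$d/crl.pem" 2>/dev/null
}

# make_client DIR CA_NAME: client certificate signed by DIR/CA_NAME
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/$2/ca.pem" \
        -CAkey "$1/$2/ca.key" -CAcreateserial -days 1 \
        -out "$1/client.pem" 2>/dev/null
}

# Demo: the client certificate comes from rootA, so only rootA's CRL matches.
t=$(mktemp -d)
make_ca "$t" rootA; make_ca "$t" rootB; make_client "$t" rootA
for name in rootA rootB; do
    if same_ca "$t/$name/ca.pem" "$t/$name/crl.pem" "$t/client.pem"
    then echo "$name: CRL and client certificate share a CA"
    else echo "$name: CRL was issued by a different CA"
    fi
done
rm -rf "$t"
```

With real files, call same_ca with the CA certificate, the CRL to be uploaded and a sample client certificate, all in PEM format.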

Installing a Certificate Revocation List (CRL)

Installed CRLs will be displayed in an accordion style list. Click on each list item to expand it and display the contents of the CRL.

Proceed with the following to install a CRL using the GUI: