Certificate Revocation Lists
If you obtained your CRL using SCEP, you can configure online updates to the CRL using the config vpn certificate crl command. The relevant fields are:
| Variable | Description |
|---|---|
| http-url <http_url> | URL of the server used for automatic CRL certificate updates. This can be HTTP or HTTPS. |
| scep-cert <scep_certificate> | Local certificate used for SCEP communication for CRL auto-update. |
| scep-url <scep_url> | URL of the SCEP CA server used for automatic CRL certificate updates. This can be HTTP or HTTPS. |
| update-interval <seconds> | How frequently, in seconds, the FortiGate unit checks for an updated CRL. Enter 0 to update the CRL only when it expires. Not available for http URLs. |
| update-vdom <update_vdom> | VDOM used to communicate with remote SCEP server for CRL auto-update. |
In this example, an updated CRL is requested only when it expires.
config vpn certificate crl
    edit cert_crl
        set http-url http://scep.example.com/scep
        set scep-cert my-scep-cert
        set scep-url http://scep.ca.example.com/scep
        set update-interval 0
        set update-vdom root
end
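With update-interval 0 the unit fetches a new CRL only when the cached one expires, so a certificate revoked in the meantime is still accepted until then. The following is an added example, not Fortinet code: a small Python audit of a saved configuration that reports CRL entries in that mode. The sample text, the branch_crl entry and the scep-cert heuristic are assumptions made for illustration.

```python
import shlex

# Constructed sample: the entry from this page plus a hypothetical second one.
SAMPLE = """\
config vpn certificate crl
    edit cert_crl
        set http-url http://scep.example.com/scep
        set scep-cert my-scep-cert
        set scep-url http://scep.ca.example.com/scep
        set update-interval 0
        set update-vdom root
    next
    edit branch_crl
        set scep-url https://scep.ca.example.com/scep
        set update-interval 3600
    next
end
"""

def parse_crl_entries(text):
    """Return {entry_name: {field: value}} from the CRL config block."""
    entries, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[:4] == ["config", "vpn", "certificate", "crl"]:
            in_block = True
        elif not in_block:
            continue  # ignore every other config section
        elif tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1], {})
        elif tok[0] == "set" and len(tok) > 2 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end":
            in_block, current = False, None
    return entries

def audit(entries):
    """Return sorted (entry, finding) pairs; checks are heuristics, not FortiOS rules."""
    findings = []
    for name, fields in entries.items():
        if fields.get("update-interval") == "0":
            findings.append((name, "refreshes only when the cached CRL expires"))
        if "scep-url" in fields and "scep-cert" not in fields:
            findings.append((name, "scep-url set without scep-cert"))
    return sorted(findings)
```

Call audit(parse_crl_entries(text)) on the text of a configuration backup; an empty list means no entry matched either check.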