Revoking certificates

Secure connections and certificates : Revoking certificates

To ensure that your FortiRecorder appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list (CRL), which may be provided by certificate authorities (CA).


	Alternatively, you can use HTTP or online certificate status protocol (OCSP) to query for certificate status. For more information, see “Revoking certificates by OCSP query”.

To upload a CRL file

1. Go to System > Certificate > Certificate Revocation List.

2. Click Import.

3. In Certificate name, type the name of the certificate as it will be referred to in the appliance’s configuration file.

4. Next to Certificate file, click Browse, then select the certificate file.

5. Click OK.

The certificate is uploaded to the appliance. TIme required varies by the size of the file and the speed of the network connection, but is typically only a few seconds.