CRL

certificate revocation list

CRL allows the network operator to check if a certificate has been revoked by the issuer CA. CRL can be used for both EPDG and CA certificates (root CA and sub CAs). CRL offers the option to configure an offline certificate revocation list file where the EPDG checks for the revocation of a configured certificate. CRL is configured per CA profile entry in the system.

Automatic CRL updates can be configured by providing a number of URLs where the system can automatically download a new CRL list for a given CA profile. The CRL file is automatically downloaded from a list of configured HTTP URLs either periodically or before the CRL expires. If the downloaded CRL is more recent than the existing one, then the existing one will be replaced.