Configuring CRL Sources using CLI

You can use the certconfig > CRL subcommand to configure CRL sources using CLI.

When you execute the command, you can perform the operations mentioned in the table below:

Subcommand

Purpose

NEW

Adds a new CRL source.

EDIT

Modifies the existing CRL source.

DELETE

Removes the CRL source.

PRINT

Displays all the CRL sources.

UPDATE

Updates the CRL sources manually.

SETUP

Configures the global settings for the CRL sources. You can enable or disable the CRL check for the following connections:

  • Inbound SMTP TLS

  • Outbound SMTP TLS

  • Web Interface

Example 1:

You can use the SETUP subcommand to enable CRL check for Web Interface as shown in the following example:

 mail3.example.com> certconfig

Choose the operation you want to perform:
- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]> CRL

Certificate Revocation List Summary
Inbound SMTP TLS: Disabled
Outbound SMTP TLS: Disabled
Web Interface: Disabled

There are currently 1 CRL sources configured.

Choose the operation you want to perform:
- NEW - Create a new CRL source
- EDIT - Modify a CRL source
- DELETE - Remove a CRL source
- PRINT - Display all CRL sources
- UPDATE - Manually update a CRL file
- SETUP - Change global settings
[]> setup

Do you want to enable CRL check for inbound SMTP TLS? [N]> n

Do you want to enable CRL check for outbound SMTP TLS? [N]> n

Do you want to enable CRL check for Web Interface? [N]> y

Certificate Revocation List Summary
Inbound SMTP TLS: Disabled
Outbound SMTP TLS: Disabled
Web Interface: Enabled

There are currently 1 CRL sources configured.

Example 2:

You can use the PRINT subcommand to display all the CRL sources as shown in the following example:

mail3.example.com> certconfig

Choose the operation you want to perform:
- CERTIFICATE - Import, Create a request, Edit or Remove Certificate Profiles
- CERTAUTHORITY - Manage System and Customized Authorities
- CRL - Manage Certificate Revocation Lists
[]> CRL    

Certificate Revocation List Summary
Inbound SMTP TLS: Disabled
Outbound SMTP TLS: Disabled
Web Interface: Disabled
There are currently 1 CRL sources configured.

Choose the operation you want to perform:
- NEW - Create a new CRL source
- EDIT - Modify a CRL source
- DELETE - Remove a CRL source
- PRINT - Display all CRL sources
- UPDATE - Manually update a CRL file
- SETUP - Change global settings

[]> PRINT
Currently configured CRL sources (disabled sources are marked with *):
1. crl16:  http://crl.example.com/certs.crl.pem
Certificate Revocation List Summary
Inbound SMTP TLS: Disabled
Outbound SMTP TLS: Disabled
Web Interface: Disabled
There are currently 1 CRL sources configured.
Choose the operation you want to perform:
- NEW - Create a new CRL source
- EDIT - Modify a CRL source
- DELETE - Remove a CRL source
- PRINT - Display all CRL sources
- UPDATE - Manually update a CRL file
- SETUP - Change global settings