User's Manual
2-15
Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto pki crl request
crypto pki crl request
To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki
crl request command.
crypto pki crl request name
Syntax Description
Defaults This command has no default settings.
Command Modes Global configuration
Command History
Usage Guidelines A CRL lists all the certificates of the network device that have been revoked. Revoked certificates will
not be honored by your module; therefore, any IPSec device with a revoked certificate cannot exchange
IP Security traffic with your module.
The first time your module receives a certificate from a peer, it will download a CRL from the CA. Your
module then checks the CRL to make sure the certificate of the peer has not been revoked. (If the
certificate appears on the CRL, it will not accept the certificate and will not authenticate the peer.)
A CRL can be reused with subsequent certificates until the CRL expires. If your module receives the
certificate of a peer after the applicable CRL has expired, it will download the new CRL.
If your module has a CRL which has not yet expired, but you suspect that the contents of the CRL are
out of date, use the crypto pki crl request command to request that the latest CRL be immediately
downloaded to replace the old CRL.
This command is not saved to the configuration.
Examples This example shows how to specify the timeout in seconds for each request:
wwbvpn(config)# crypto pki crl request
name Specifies the name of the CA. This is the same name used when the CA was
declared with the crypto pki trustpoint command.
Release Modification
WebVPN Module
Release 1.1
Support for this command was introduced on the Catalyst 6500 series
switches.