HP e-Commerce / XML director server appliance sa8250 - Users Guide
C H A P T E R 5 SSL Commands
215
config policygroup
service key client-ca
revocation mode
Sets the mode to disable or enable.
config policygroup <policy-name> service
<service-name> key client-ca revocation
mode [ disable | enable ]
where:
•
policy-name is the name of a policy group
•
service-name is the name of a service
•
disable means that client certificates are not checked
against the CRL (the default setting)
•
enable means that client certificates are validated against the
CRL
Note: When mode is disabled, the presence of a valid CRL is
irrelevant, since no client certificate checking will occur. When
mode is enabled, a missing or invalid CRL will cause the service
to become disabled. Changing the mode to disabled, or importing
a valid CRL, will re-enable the service.
config policygroup
service key client-ca
revocation refresh
Sets the interval at which the SA8250 will download the CRL
from a certificate server.
config policygroup <policy-name> service
<service-name> key client-ca revocation
refresh <now>
where:
•
policy-name is the name of a policy group
•
service-name is the name of a service
•
interval is an integer representing the number of minutes
from 0 to 625600 (1 year) to wait between attempted retrievals
of a CRL from a URL specified using the
url parameter. A
value of 0 disables the feature, and a value of 30 will attempt
to retrieve the CRL every 30 minutes.
•
now causes the CRL to be downloaded immediately
Note: This command supports both DER and PEM format
revocation lists.
Command Description
SSL Commands (continued)