HP e-Commerce/XML Director Server Appliance SA8250 - User Guide

CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide
config policygroup service key client-ca revocation url
Retrieves the CRL.
config policygroup <policy-name> service <service-name> key client-ca revocation url <url> {user <username> password <password> | none}
where:
policy-name is the name of a policy group
service-name is the name of a service
url is a URL used to retrieve the CRL. The format of the
URL is protocol://server:port/path. The FTP, HTTP, and LDAP
protocols are supported.
username is the optional username to access the URL
password is the optional password to access the URL
none clears the URL
Examples of the url parameter:
url ftp://ftp.newhost.com/myrevoke.crl user anonymous
sets the URL path to myrevoke.crl on the host
ftp.newhost.com using the FTP protocol with the username of
anonymous, and no password.
url http://www.myhost.com:9800/CertEnroll/server.crl
sets the URL path to CertEnroll/server.crl on
the host www.myhost.com using the HTTP protocol on port
9800.
url ldap://server.com/DC=company,CD=com,CN=cRL password U8#h2k0W
sets the URL to /DC=company,CD=com,CN=cRL on the host server.com
using the LDAP protocol with a password of U8#h2k0W.
Note 1: If refresh is set to a non-zero value, and the URL is
invalid (or specifies a non-valid CRL file), a message is entered
into the system logs. We recommend that network administrators
closely monitor these logs to ensure the SA8250 is receiving CRLs
properly. Using the refresh now command causes the log message
to be printed onscreen.
Note 2: This command supports both DER and PEM format
revocation lists.
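Added example (not part of the HP guide): a pre-flight check an administrator could run before entering a revocation URL, covering the URL format described above and the DER/PEM cases from Note 2. The function names and sample bytes are constructed for illustration; the check is structural only and does not verify the CRL signature or validity dates.

```python
import base64
import re
from urllib.parse import urlsplit

SUPPORTED = {"ftp", "http", "ldap"}  # protocols the guide lists for the CRL URL
PEM_RE = re.compile(rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.S)

def check_crl_url(url):
    """Split protocol://server:port/path; raise ValueError if it cannot be used."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in SUPPORTED:
        raise ValueError(f"unsupported protocol: {parts.scheme or '(none)'}")
    if not parts.hostname:
        raise ValueError("missing server")
    if not parts.path.strip("/"):
        raise ValueError("missing path to the CRL")
    # parts.port raises ValueError itself for a non-numeric or out-of-range port
    return parts.scheme.lower(), parts.hostname, parts.port, parts.path

def der_sequence_ok(data):
    """True if data is exactly one DER SEQUENCE (tag 0x30, declared length fits)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def crl_encoding(blob):
    """Return 'PEM', 'DER', or None when the bytes cannot be a CRL file."""
    match = PEM_RE.search(blob)
    if match:
        try:
            body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            return None
        return "PEM" if der_sequence_ok(body) else None
    return "DER" if der_sequence_ok(blob) else None

# Constructed samples: a placeholder DER SEQUENCE (not a real CRL), the same
# bytes PEM-armored, and the kind of error page a wrong URL tends to return.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END X509 CRL-----\n")
SAMPLE_HTML = b"<html><body>404 Not Found</body></html>"
```

A `None` result from `crl_encoding` on the downloaded file corresponds to the "non-valid CRL file" case that Note 1 says is reported in the system logs.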
SSL Commands (continued)