CRL distribution points – Panasonic NN46110-600 User Manual
90 Chapter 3 Using certificates
configured CRL servers for the CA that you can edit or delete. You can
configure and add a new CRL server in the New CRL Server section.
2. In the Search Base field, enter the portion of the X.500 directory where the
CA stores certificate revocation lists. The following is a sample search base
entry:

   ou=Engineering, o=Nortel, c=US

3. In the host field, enter the host name or IP address of the LDAP-accessible
directory server that is storing the published CRLs. If you use a host name
instead of an IP address, then you must configure one or more DNS servers on
the System > Identity window.

4. In the Connection field, enter the port number associated with the LDAP
server. Optionally, enable Secure Socket Layer (SSL) to secure the
connection with the LDAP server. SSL is not required for handling CRLs
because a CRL is signed and is therefore protected against modification and
spoofing.

5. Select Enabled or Disabled to enable or disable the CRL server.

CRL distribution points
CRL distribution points (CDP) identify how CRL vendor-specific information is
obtained. CDP is supported for Entrust CAs. When implemented, users authenticate
only against the CRL that is specified in the certificate CDP. This provides faster
tunnel establishment. Figure 15 is an example of CRL distribution points.
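
The following Python code is an added example, not part of the manual. It splits an LDAP CRL URL, of the kind a certificate's CDP can carry, into the Search Base, host and Connection values entered in steps 2 to 4 above. The host name ldap.example.com, the address 192.0.2.10 and the function name crl_server_fields are assumptions made for illustration; the search base is the manual's sample entry.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # IANA-registered LDAP ports


def crl_server_fields(cdp_url):
    """Split an LDAP CRL URL into the Search Base, host and Connection fields."""
    parts = urlsplit(cdp_url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % cdp_url)
    if not parts.hostname:
        # RFC 4516 permits an empty host; the CRL server form needs one.
        raise ValueError("LDAP URL names no directory server")
    try:
        ipaddress.ip_address(parts.hostname)
        needs_dns = False
    except ValueError:
        needs_dns = True  # host name: DNS servers must be configured (step 3)
    # The path after the leading "/" is the percent-encoded base DN.
    search_base = unquote(parts.path.lstrip("/"))
    if not search_base:
        raise ValueError("LDAP URL carries no search base")
    # Query layout per RFC 4516: attributes?scope?filter?extensions
    attributes = [unquote(a) for a in parts.query.split("?")[0].split(",") if a]
    return {
        "search_base": search_base,                    # step 2
        "host": parts.hostname,                        # step 3
        "port": parts.port or DEFAULT_PORTS[scheme],   # step 4
        "ssl": scheme == "ldaps",                      # step 4, optional SSL
        "needs_dns": needs_dns,
        "attributes": attributes,
    }


# Constructed sample URLs (not taken from a real certificate).
SAMPLE_BY_NAME = ("ldap://ldap.example.com/ou=Engineering,%20o=Nortel,%20c=US"
                  "?certificateRevocationList;binary")
SAMPLE_BY_ADDRESS = "ldaps://192.0.2.10:636/ou=Engineering,o=Nortel,c=US"

if __name__ == "__main__":
    for url in (SAMPLE_BY_NAME, SAMPLE_BY_ADDRESS):
        for field, value in crl_server_fields(url).items():
            print("%-12s %s" % (field, value))
        print()
```
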