Cisco ASA Series Cli Configuration Manual page 950

Configuring Digital Certificates
Command
policy cdp
Example:
hostname (config-ca-crl)# policy cdp
policy static
Example:
hostname (config-ca-crl)# policy static
policy both
Example:
hostname (config-ca-crl)# policy both
Step 4
url n url
Example:
hostname (config-ca-crl)# url 2
http://www.example.com
Step 5
protocol http | ldap | scep
Example:
hostname (config-ca-crl)# protocol http
Step 6
cache-time refresh-time
Example:
hostname (config-ca-crl)# cache-time 420
Step 7
Do one of the following:
enforcenextupdate
Example:
hostname (config-ca-crl)# enforcenextupdate
no enforcenextupdate
Example:
hostname (config-ca-crl)# no enforcenextupdate
Cisco ASA Series CLI Configuration Guide
1-14
Chapter 1 Configuring Digital Certificates
Purpose
Configures retrieval policy. CRLs are retrieved only
from the CRL distribution points specified in
authenticated certificates.
Note
SCEP retrieval is not supported by
distribution points specified in certificates.
To continue, go to Step 5.
Configures retrieval policy. CRLs are retrieved only
from URLs that you configure.
To continue, go to Step 4.
Configures retrieval policy. CRLs are retrieved from
CRL distribution points specified in authenticated
certificates and from URLs that you configure.
To continue, go to Step 4.
If you used the keywords static or both when you
configured the CRL policy, you must configure
URLs for CRL retrieval. You can enter up to five
URLs, ranked 1 through 5. The n is the rank assigned
to the URL. To remove a URL, use the no url n
command.
Configures the retrieval method. Specifies HTTP,
LDAP, or SCEP as the CRL retrieval method.
Configures how long the ASA caches CRLs for the
current trustpoint. refresh-time is the number of
minutes that the ASA waits before considering a
CRL stale.
Requires the NextUpdate field in CRLs. This is the
default setting.
Allows the NextUpdate field to be absent in CRLs.