
Certificate Revocation List (CRL) Configuration for the Juniper IVE


Use this guide to ensure the Certificate Revocation List is correctly configured for existing SecureAuth IdP intermediate certificates that have already been installed as trusted client CAs on Juniper IVE.


Revoked X.509v3 personal certificates require the CRL to be checked by network edge devices such as Cisco ASA.

Configuration steps

1. Log on to the Juniper IVE with super admin user permissions


2. Navigate to Configuration > Certificates > Trusted Client CAs


3. Select the Nevada or Sierra Intermediate certificate, then

1) Select Use CRLs (Certificate Revocation Lists) and click Save Changes

2) Click the CRL Checking Options button and then click Edit



Button #2 cannot be clicked until the Save Changes button has been invoked.

4. From the CRL Distribution Points (CDP) dropdown, use the CDP(s) specified in the Trusted Client CA selection

5. The Juniper IVE system logs can confirm the CRL has been pulled based on the CRL Download Frequency hour interval specified.

As an option, an alternate value for the CRL Download Frequency default of 24 hours can be specified.



Repeat steps 3 to 5 of this process for the other (Nevada / Sierra) intermediate certificate.
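
The following check is an added example, not part of the original guide or any vendor tooling: it confirms that a CRL file (for instance one fetched from the CDP chosen in step 4) stays valid through the CRL Download Frequency interval from step 5, so the appliance is never working from an expired list between downloads. It assumes bash, GNU date and the openssl CLI; the function names are hypothetical, and the CA and CRL are constructed test data.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Assumes bash, GNU date and the openssl CLI.
set -eu

# Print a CRL's nextUpdate as epoch seconds. Tries PEM first, then DER,
# because CRLs fetched from a CDP are commonly DER-encoded.
crl_next_update_epoch() {
  local raw
  raw=$(openssl crl -in "$1" -noout -nextupdate 2>/dev/null ||
        openssl crl -inform DER -in "$1" -noout -nextupdate) || return 2
  date -u -d "${raw#nextUpdate=}" +%s   # fails on "nextUpdate=NONE"
}

# Succeed only if the CRL is still valid HOURS from now, i.e. it will not
# expire before the next scheduled download. Usage: FILE HOURS
crl_covers_interval() {
  local next now
  next=$(crl_next_update_epoch "$1") || return 2
  now=$(date -u +%s)
  [ "$next" -ge $(( now + $2 * 3600 )) ]
}

# Build a throwaway CA and an empty CRL valid for HOURS (constructed sample).
make_sample_crl() {
  local d=$1
  mkdir -p "$d" && : > "$d/index.txt"
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $d/index.txt
default_md = sha256
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Constructed Test CA" -days 2 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl ca -config "$d/ca.cnf" -gencrl -crlhours "$2" \
    -keyfile "$d/ca.key" -cert "$d/ca.pem" -out "$d/ca.crl" 2>/dev/null
}

work=$(mktemp -d)
make_sample_crl "$work" 48
for hours in 24 72; do   # 24 = the default download frequency from step 5
  if crl_covers_interval "$work/ca.crl" "$hours"; then
    echo "interval ${hours}h: CRL remains valid until the next download"
  else
    echo "interval ${hours}h: CRL expires before the next download"
  fi
done
```

The check reads only the nextUpdate field; it does not verify the CRL signature against the issuing intermediate certificate.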