Certificate Revocation List (CRL) Configuration for the Juniper IVE
Introduction
Use this guide to ensure the Certificate Revocation List is correctly configured for existing SecureAuth IdP intermediate certificates that have already been installed as trusted client CAs on Juniper IVE.
Note
Network edge devices such as Cisco ASA must check the CRL in order to detect revoked X.509v3 personal certificates.
Configuration steps
1. Log on to the Juniper IVE with super admin user permissions
2. Navigate to Configuration > Certificates > Trusted Client CAs
3. Select the Nevada or Sierra Intermediate certificate, then:
1) Select Use CRLs (Certificate Revocation Lists) and click Save Changes
2) Click the CRL Checking Options button and then click Edit
Note
The button in sub-step 2 cannot be clicked until the Save Changes button has been clicked
4. From the CRL Distribution Points (CDP) dropdown, use the CDP(s) specified in the Trusted Client CA selection
5. The Juniper IVE system logs can confirm the CRL has been pulled based on the CRL Download Frequency hour interval specified.
As an option, an alternate value for the CRL Download Frequency default of 24 hours can be specified
Note
Repeat steps 3 to 5 of this process for the other (Nevada / Sierra) intermediate certificate
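The following is an added example, not part of the original guide or of any vendor tooling. It shows one way to check from a workstation, with OpenSSL, which CDP an intermediate certificate carries (step 4) and whether a CRL fetched from it stays valid for the chosen CRL Download Frequency (step 5). The function names, the constructed test CA and the crl.example.test URL are assumptions; OpenSSL 1.1.1 or later and GNU date are required.

```shell
#!/bin/sh
# Added example, not vendor code. Needs OpenSSL 1.1.1+ and GNU date.

# Print every CRL Distribution Point URI embedded in a PEM certificate.
cdp_urls() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        sed -n 's/^ *URI://p'
}

# Print the CRL's nextUpdate as epoch seconds (fails if the field is absent).
crl_next_update() {
    nu=$(openssl crl -in "$1" -noout -nextupdate) || return 2
    date -u -d "${nu#nextUpdate=}" +%s
}

# crl_fresh <crl.pem> <download_frequency_hours> [now_epoch]
# Returns 0 if a CRL cached now is still valid at the next scheduled download,
# 1 if it is expired or expires first, 2 if it cannot be parsed.
crl_fresh() {
    next=$(crl_next_update "$1") || return 2
    now=${3:-$(date -u +%s)}
    left=$(( (next - now) / 3600 ))
    if [ "$next" -le "$now" ]; then
        echo "EXPIRED: nextUpdate has passed"; return 1
    elif [ "$left" -lt "$2" ]; then
        echo "SHORT: ${left}h left, download interval ${2}h"; return 1
    fi
    echo "OK: ${left}h left, download interval ${2}h"
}

# Build a constructed test CA and a 48-hour CRL in directory $1 (sample data only).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" \
        -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl" \
        2>/dev/null || return 1
    : > "$1/index.txt"
    printf '[ca]\ndefault_ca=c\n[c]\ndatabase=%s/index.txt\ndefault_md=sha256\n' \
        "$1" > "$1/ca.cnf"
    openssl ca -config "$1/ca.cnf" -gencrl -keyfile "$1/ca.key" \
        -cert "$1/ca.pem" -crlhours 48 -out "$1/ca.crl" 2>/dev/null
}
```

CRLs served from a CDP are commonly DER-encoded; convert one with openssl crl -inform DER -in file.crl -out file.pem before passing it to crl_fresh.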