IMPORTANT
Action required: Apply the fix for SNS firewall disks.
Please follow the procedure described in the How to update my SSD Firmware - Stormshield Knowledge Base article (authentication required).
Creating, renewing or removing a CRL
When an authority or sub-authority is added to the PKI, its Certificate Revocation List (CRL) must be created.
Likewise, even though a CRL automatically updates on a regular basis, it may be necessary to renew it manually after revoking certificates that were signed by the authority that owns the CRL.
Creating a CRL
- In the list on the left, select the authority or sub-authority for which the CRL needs to be created.
- Click on Actions.
- Select Create CRL.
A dialog box opens. - Enter the password of the authority or sub-authority.
- In the CRL export section, check or uncheck Export CRL after revocation depending on your requirements.
If this checkbox is selected, choose the File format for the export:
- Base64 format (PEM),
- Binary format (DER).
- Click on Apply.
- If you have chosen to export the CRL, a window will open with a link to download the CRL export file.
Renewing a CRL
- In the list on the left, select the authority or sub-authority for which the CRL needs to be renewed.
- Click on Actions.
- Select Renew CRL.
A dialog box opens. - Enter the password of the authority or sub-authority.
- In the CRL export section, check or uncheck Export CRL after revocation depending on your requirements.
If this checkbox is selected, choose the File format for the export:
- Base64 format (PEM),
- Binary format (DER).
- Click on Apply.
- If you have chosen to export the CRL, a window will open with a link to download the CRL export file.
Removing a CRL
- In the list on the left, select the authority or sub-authority for which the CRL needs to be removed.
- Click on Actions.
- Select Remove CRL.
A dialog box opens. - Confirm by clicking on OK.