The mechanism used for certificate revocation depends on the CA. Revoked certificates are represented in the CRL by their serial numbers. If a network device attempts to verify the validity of a certificate, it downloads and scans the current CRL for the serial number of the presented certificate. Therefore, if CRL validation is enabled on either peer, a proper CRL URL must be configured as well so the validity of the ID certificates can be verified.

Cx Programmer 9.1 Download 139l

2ff7e9595c