Get the PDF

Create a CRL profile

CRL profiles are supported for

iOS

and

Android

devices.

On the menu bar, click

Policies and Profiles

Click

Certificates > CRL

Click

Type a name and description for the CRL profile.

To allow devices to use responder URLs defined in the certificate, select the

Use certificate extension responders

check box.

Perform any of the following tasks:

Task	Steps
Specify an HTTP CRL configuration	In the HTTP for CRL section, click . Type a name and description for the HTTP CRL configuration. In the Service URL field, type the web address of an HTTP or HTTPS server. Click Add . Repeat steps a. to d. for each HTTP or HTTPS server.
Specify an LDAP CRL configuration	In the LDAP for CRL section, click . Type a name and description for the LDAP CRL configuration. In the Service URL field, type the FQDN of an LDAP server using the format ldap://`<fqdn>`:`<port>` (for example, ldap://server01.example.com:389). For secure connections, use the format ldaps://`<fqdn>`:`<port>`. In the Search base field, type the base DN that is the starting point for LDAP server searches. If necessary, select the Use secure connection check box. In the LDAP user ID field, type the DN of an account that has search permissions on the LDAP server (for example, cn=admin,dc=example,dc=com). In the LDAP password field, type the password for the account that has search permissions on the LDAP server. Click Add . Repeat steps a. to h. for each LDAP server.

Task

Steps

Specify an HTTP CRL configuration

In the

HTTP for CRL

section, click

Type a name and description for the HTTP CRL configuration.

In the

Service URL

field, type the web address of an HTTP or HTTPS server.

Click

Add

Repeat steps a. to d. for each HTTP or HTTPS server.

Specify an LDAP CRL configuration

In the

LDAP for CRL

section, click

Type a name and description for the LDAP CRL configuration.

In the

Service URL

field, type the FQDN of an LDAP server using the format ldap://<fqdn>:<port> (for example, ldap://server01.example.com:389). For secure connections, use the format ldaps://<fqdn>:<port>.

In the

Search base

field, type the base DN that is the starting point for LDAP server searches.

If necessary, select the

Use secure connection

check box.

In the

LDAP user ID

field, type the DN of an account that has search permissions on the LDAP server (for example, cn=admin,dc=example,dc=com).

In the

LDAP password

field, type the password for the account that has search permissions on the LDAP server.

Click

Add

Repeat steps a. to h. for each LDAP server.

Click

Add

If necessary, rank profiles.

Section:

Determining the status of S/MIME certificates on devices