/cfg/slb/ssl/crlgrp
CRL Distribution Point (CDP) Group Menu
The CRL Distribution Point (CDP) Group menu lets you define the CRL Distribution Point (CDP) Group.
CRLs are posted to Certificate Distribution Points (CDPs) and can be accessed by LDAP and HTTPS. Each CDP includes a complete URI used to access the CRL. For example: http://www.example.com/crl/crl-site.txt.
Alteon supports downloading CRLs from CDPs using the CDP URI embedded in client certificates or a URI statically configured in the Alteon authentication policy. This means that multiple CDPs can be used for a single service. For example, if a single Web site supports client certificates from multiple CAs (for example, the Web site of a central bank that supports users using client certificates from different regional banks), various CDP URI locations are extracted from the client's certificates.
When using CDP, client certificate verification is performed in the same way as when CRLs are imported manually. Once a CRL is downloaded using CDP, all clients that arrive at the SSL tunnel are requested to present a client certificate, and Alteon then checks whether it appears in the CRL. If the certificate appears in the CRL, the request is denied.
If you define multiple CDPs, each one is checked ("AND" function) and the certificate is validated only if it is not listed in any of the CDPs. In such a case, if any CDP becomes unavailable, the certificate is not validated.
Alternatively, Alteon lets you list two CDPs (URIs) as two separate endpoints within one CDP group. In such a case, they work as high-availability support ("OR" function): if one CDP is unavailable, the certificate is validated by the second CDP.
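The following Python model of the AND/OR behavior described above is an added example, not Alteon code. The names Cdp, check_cdp and validate, the order in which endpoints are tried, the handling of an empty group, and all serial numbers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# None models an endpoint whose CRL could not be downloaded.
Crl = Optional[FrozenSet[str]]

@dataclass
class Cdp:
    cdp_id: int                # CDP ID, 1-128
    endpoints: Dict[int, Crl]  # endpoint number (1 or 2) -> downloaded CRL

def check_cdp(cdp: Cdp, serial: str) -> str:
    """OR across endpoints: the first reachable endpoint answers for the CDP."""
    for number in sorted(cdp.endpoints):  # assumption: endpoint 1 is tried first
        crl = cdp.endpoints[number]
        if crl is not None:
            return "revoked" if serial in crl else "clear"
    return "unavailable"

def validate(group: List[Cdp], serial: str) -> Tuple[bool, Dict[int, str]]:
    """AND across CDPs: the certificate validates only if every CDP says 'clear'."""
    results = {cdp.cdp_id: check_cdp(cdp, serial) for cdp in group}
    # Assumption of this model: an empty group validates nothing.
    return bool(results) and all(r == "clear" for r in results.values()), results

# Constructed sample data: serial numbers and CRL contents are made up.
REGION_A = frozenset({"0A31", "0A77"})
REGION_B = frozenset({"1F02"})

if __name__ == "__main__":
    cases = {
        "both CDPs reachable": [Cdp(1, {1: REGION_A}), Cdp(2, {1: REGION_B})],
        "CDP 2 down, single endpoint": [Cdp(1, {1: REGION_A}), Cdp(2, {1: None})],
        "CDP 2 endpoint 1 down, endpoint 2 up": [
            Cdp(1, {1: REGION_A}),
            Cdp(2, {1: None, 2: REGION_B}),
        ],
    }
    for name, group in cases.items():
        for serial in ("5C10", "1F02"):
            print(f"{name:38} serial={serial} -> {validate(group, serial)}")
```

In the second case an unrevoked certificate is still refused because one CDP cannot be reached, which is the outage mode a second endpoint is meant to cover.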
 
[CDP Group Menu]
add - Add CRL Distribution Point
rem - Remove CRL Distribution Point
del - Delete CDP Group
cur - Display current group configuration
 
Client Authentication Policy Passinfo Menu 
Command Syntax and Usage
add <1-128> <uri> [<username> <password>]
 
Adds the CRL Distribution Point (CDP).
When adding a CDP, you are asked to enter the CDP ID (1-128), CDP endpoint (1 or 2), CDP URI, CDP username and password.
Note: The CDP endpoint lets the CDP group provide high availability: with two separate CDPs defined as endpoints, either one can validate the certificate.
 
>> CDP Group 1# add
Enter CDP id:
Enter CDP endpoint <1-2> [1]:
Enter CDP URI []:
Enter CDP username or hit return to continue:
rem
 
Removes the CRL Distribution Point (CDP).
You are prompted to enter the CDP ID to be removed (1-128).
del
 
Deletes a CDP group.
cur
 
Displays the current CDP group configuration.