appliance uses the most recently distributed CRL to prevent clients with
revoked certificates from accessing secure resources.
If CRLs are
updated often, the NetScaler needs an automated mechanism to fetch the latest
CRLs from the repository. You can configure the NetScaler to update CRLs
automatically at a specified refresh interval.
maintains an internal list of CRLs that need to be updated at regular
intervals. At these specified intervals, the appliance scans the list for CRLs
that need to be updated, connects to the remote LDAP server or HTTP server,
retrieves the latest CRLs, and then updates the local CRL list with the new
Note: If CRL check
is set to mandatory when the CA certificate is bound to the virtual server, and
the initial CRL refresh fails, all client-authentication connections with the
same issuer as the CRL are rejected as REVOKED until the CRL is successfully
You can specify
the interval at which the CRL refresh should be carried out. You can also
specify the exact time.