How CRLs from CDP URLs are used
Use this section if you want to use CRL Distribution Point (CDP) as the CRL source for the NetBackup CRL cache.
To use CRLs from CDP
- Ensure that the ECA_CRL_PATH configuration option is not specified.
- Ensure that the host can access the URLs that are specified in the peer host's CDP.
- Ensure that the ECA_CRL_CHECK configuration option is set to a value other than DISABLE.
During host communication, the revocation status of the external certificate is verified with the CRL in the NetBackup CRL cache that contains the CRLs from CDP URLs.
By default, CRLs are downloaded from the CDP after every 24 hours and updated in the CRL cache. To change the time interval, set the ECA_CRL_REFRESH_HOURS configuration option to a different value.
To manually delete the CRLs from the CRL cache, run the nbcertcmd -cleanupCRLCache command.