88 Chapter 3 Using certificatesNN46110-600• CRL Checking Mandatory determines if a CRL must be present when anIPsec tunnel is established to a particular CA. If this is selected, the VPNRouter must have a CRL present for tunnel connections to be successful. Ifthis is not selected, the VPN Router allows certificate authenticated tunnelswhen no CRL is present.• CRL Update Frequency allows you to enter a value in minutes to represent thefrequency the VPN Router queries the CA’s LDAP server for a newlypublished CRL. The default value of 0 indicates that this VPN Router doesnot update any CRLs. This option is useful when more than one VPN Routershares an LDAP database, but you want only one VPN Router to actuallyperform the update operation. To minimize the load on an external LDAPserver, make sure that only one or two VPN Routers are updating a sharedCRL entry in a multiple-VPN Router, shared external LDAP environment.• CRL System Status is read-only and is automatically updated by the VPNRouter to reflect the CRL updating activity.• CRL Retrieval Scheduling allows you to configure the time and day that aCRL request is sent to the CRL Server.Configuring CRL Retrieval SchedulingTo configure CRL Retrieval Scheduling:1 Select System > Certificates.The System > Certificates window appears.2 In the desired certificate row, click details.The Certificate Details window appears.3 To apply the CRL Update Specific Time, select the option box.4 To select the days to apply the CRL Update Specific Time, select the desiredday options.5 In the Time box, type the desired time.6 To enable the CRL Update Specific Time, click Update CRL Now.7 Click OK.