During communication between the device and peer, the device sends its local certificate to the peer for authentication. An administrator can send a local certificate request to the CA online or offline.
A CA certificate is issued by a CA to a device to verify the validity of its remote device's certificate. This section describes how to upload and export a CA certificate using the web UI.
A CRL contains a list of certificates that have been revoked by a CA. Two devices check whether the CRL contains each other's certificate before communicating with each other. This section describes how to upload a CRL using the web UI.
After you configure certificate attribute-based access control, only the certificates that meet specific conditions can pass verification, which helps implement fine-grained control over users' access permissions.