471
Usage guidelines
Use this command to identify whether a certificate has been revoked.
Examples
# Display information about the CRL saved at the local for PKI domain aaa.
<Sysname> display pki crl domain aaa
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=cn/O=docm/OU=sec/CN=therootca
Last Update: Apr 28 01:42:13 2011 GMT
Next Update: NONE
CRL extensions:
X509v3 CRL Number:
6
X509v3 Authority Key Identifier:
keyid:49:25:DB:07:3A:C4:8A:C2:B5:A0:64:A5:F1:54:93:69:14:51:11:EF
Revoked Certificates:
Serial Number: CDE626BF7A44A727B25F9CD81475C004
Revocation Date: Apr 28 01:37:52 2011 GMT
CRL entry extensions:
Invalidity Date:
Apr 28 01:37:49 2011 GMT
Serial Number: FCADFA81E1F56F43D3F2D3EF7EB56DE5
Revocation Date: Apr 28 01:33:28 2011 GMT
CRL entry extensions:
Invalidity Date:
Apr 28 01:33:09 2011 GMT
Signature Algorithm: sha1WithRSAEncryption
57:ac:00:3e:1e:e2:5f:59:62:04:05:9b:c7:61:58:2a:df:a4:
5c:e5:c0:14:af:c8:e7:de:cf:2a:0a:31:7d:32:da:be:cd:6a:
36:b5:83:e8:95:06:bd:b4:c0:36:fe:91:7c:77:d9:00:0f:9e:
99:03:65:9e:0c:9c:16:22:ef:4a:40:ec:59:40:60:53:4a:fc:
8e:47:57:23:e0:75:0a:a4:1c:0e:2f:3d:e0:b2:87:4d:61:8a:
4a:cb:cb:37:af:51:bd:53:78:76:a1:16:3d:0b:89:01:91:61:
52:d0:6f:5c:09:59:15:be:b8:68:65:0c:5d:1b:a1:f8:42:04:
ba:aa
Table 66 Command output
Version CRL version number.
Signature Algorithm Signature algorithm used by the CA to sign the CRL.
Issuer Name of the CA that issued the CRL.
Last Update Most recent CRL update time.
Next Update Next CRL update time.
X509v3 Authority Key Identifier X509v3 ID of the CA that issues the CRL.
To Next Page
Loading...
Need help?
General
