To Next Page

To Previous Page

495

Predefined user roles

network-admin

Parameters

domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.

The domain name cannot contain the special characters listed in Table 74.

Table 74 Special characters

Character name

Symbol

Character name

Symbol

Tilde ~ Dot .

Asterisk * Left angle bracket <

Backslash \ Right angle bracket >

Vertical bar | Quotation marks "

Colon : Apostrophe '

Usage guidelines

CRLs are used to verify the validity of the local certificates and the peer certificates in a PKI domain.

To obtain CRLs, a PKI domain must have the correct CA certificate.

The URL of the CRL repository is specified by using the crl url command.

The device can obtain CRLs from the CRL repository through the HTTP, LDAP, or SCEP protocol.

Which protocol is used depends on the configuration of the CRL repository in the PKI domain:

• If the specified URL of the CRL repository is in HTTP format, the device obtains CRLs through

the HTTP protocol.

• If the specified URL of the CRL repository is in LDAP format, the device obtains CRLs through

the LDAP protocol. If the specified URL does not have a host name, for example,

ldap:///CN=8088,OU=test,U=rd,C=cn, you must specify the LDAP server's URL for the PKI

domain by using the ldap server command. The device can obtain the complete URL of the

LDAP repository by combining the URLs of the LDAP server and of the CRL repository.

• If the PKI domain is not configured with the CRL repository, the device looks up the local

certificates and then the CA certificate for the CRL repository. If a CRL repository is found, the

device obtains CRLs from the CRL repository. If no CRL repository is found, the device obtains

CRLs through the SCEP protocol.

Examples

# Obtain CRLs from the CRL repository.

<Sysname> system-view

[Sysname] pki retrieve-crl domain aaa

Related commands

crl url

ldap server

pki storage

Use pki storage to specify the storage path for the certificates or CRLs.

Use undo pki storage to restore the default.

Syntax

pki storage { certificates | crls } dir-path

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS