196
Required
Enabled by default
Retrieve the CA certificate
See ―Retrieving a certificate
manually―
Verify the validity of the certificate
pki validate-certificate { ca | local
} domain domain-name
NOTE:
The CRL update period refers to the interval at which the entity downloads CRLs from the CRL server. The CRL
update period configured manually is prior to that specified in the CRLs.
The pki retrieval-crl domain configuration will not be saved in the configuration file.
The URL of the CRL distribution point does not support domain name resolution.
Destroying a local RSA key pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, destroy the old RSA key pair and then create a pair to request a new certificate.
Follow these steps to destroy a local RSA key pair:
Destroy a local RSA key pair
public-key local destroy rsa
NOTE:
For more information about the public-key local destroy command, see the
Security Command
Reference
.
Deleting a certificate
When a certificate requested manually is about to expire or you want to request a new certificate, delete
the current local certificate or CA certificate.
Follow these steps to delete a certificate:
pki delete-certificate { ca | local }
domain domain-name
To Next Page
Loading...
