255
Step Command Remarks
4. Set the CRL update period.
crl update-period hours
Optional.
By default, the CRL update period
depends on the next update field in
the CRL file.
5. Enable CRL checking.
crl check enable
Optional.
Enabled by default.
6. Return to system view.
quit N/A
7. Retrieve the CA certificate.
See "Retrieving a certificate
manually"
N/A
8. Retrieve CRLs.
pki retrieval-crl domain
domain-name
N/A
9. Verify the validity of a
certificate.
pki validate-certificate { ca | local }
domain domain-name
N/A
Configuring CRL-checking-disabled PKI certificate verification
To configure CRL-checking-disabled PKI certificate verification:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter PKI domain view. pki domain domain-name N/A
3. Disable CRL checking.
crl check disable Enabled by default
4. Return to system view.
quit N/A
5. Retrieve the CA certificate.
See "Retrieving a certificate
manually"
N/A
6. Verify the validity of the
certificate.
pki validate-certificate { ca | local }
domain domain-name
N/A
Destroying a local RSA key pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
To destroy a local RSA key pair:
Step Command
1. Enter system view. system-view
2. Destroy a local RSA key pair.
public-key local destroy rsa
To Next Page
Loading...
Need help?
General
