196
Ste
Command
Remarks
2. Enter PKI domain view.
pki domain domain-name N/A
3. (Optional.) Specify the URL
of the CRL repository.
crl url url-string [ vpn-instance
vpn-instance-name ]
By default, the URL of the CRL
repository is not specified.
4. Enable CRL checking.
crl check enable By default, CRL checking is enabled.
5. Return to system view.
quit N/A
6. Obtain the CA certificate.
See "Obtaining certificates." N/A
7. (Optional.) Obtain the CRL
and save it locally.
pki retrieve-crl domain
domain-name
The newly obtained CRL overwrites
the old one, if any.
The obtained CRL must be issued by
a CA certificate in the CA certificate
chain in the current domain.
8. Verify the validity of the
certificates.
pki validate-certificate domain
domain-name { ca | local }
N/A
Verifying certificates without CRL checking
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter PKI domain view.
pki domain domain-name N/A
3. Disable CRL checking.
undo crl check enable
By default, CRL checking is
enabled.
4. Return to system view.
quit N/A
5. Obtain the CA certificate.
See "Obtaining certificates." N/A
6. Verify the validity of the
certificates.
pki validate-certificate domain
domain-name { ca | local }
This command is not saved in the
configuration file.
Specifying the storage path for the certificates and
CRLs
CAUTION:
If you change the storage path, save the confi
uration before you reboot or shut down the device to avoid
loss of the certificates or the CRLs.
The device has a default storage path for the obtained local certificates and CRLs. You can change the
storage path and specify different paths for the certificates and CRLs.
To Next Page
Loading...
