Step 2. Enter PKI domain view.
    Command: pki domain domain-name
    Remarks: N/A

Step 3. (Optional.) Specify the URL of the CRL repository.
    Command: crl url url-string [ vpn-instance vpn-instance-name ]
    Remarks: By default, the URL of the CRL repository is not specified.

Step 4. Enable CRL checking.
    Command: crl check enable
    Remarks: By default, CRL checking is enabled.

Step 5. Return to system view.
    Command: quit
    Remarks: N/A

Step 6. Obtain the CA certificate.
    Command: See "Obtaining certificates."
    Remarks: N/A

Step 7. (Optional.) Obtain the CRL and save it locally.
    Command: pki retrieve-crl domain domain-name
    Remarks: The newly obtained CRL overwrites the old one, if any.
             The obtained CRL must be issued by a CA certificate in the CA certificate
             chain in the current domain.

Step 8. Verify the validity of the certificates.
    Command: pki validate-certificate domain domain-name { ca | local }
    Remarks: N/A

Verifying certificates without CRL checking

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter PKI domain view.
    Command: pki domain domain-name
    Remarks: N/A

Step 3. Disable CRL checking.
    Command: undo crl check enable
    Remarks: By default, CRL checking is enabled.

Step 4. Return to system view.
    Command: quit
    Remarks: N/A

Step 5. Obtain the CA certificate.
    Command: See "Obtaining certificates."
    Remarks: N/A

Step 6. Verify the validity of the certificates.
    Command: pki validate-certificate domain domain-name { ca | local }
    Remarks: This command is not saved in the configuration file.

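
To show what the two procedures above change in practice, the following added example (not from this guide, and not the device's implementation) models certificate verification with and without CRL checking in Python, using the third-party cryptography package. All names, serial numbers and keys are constructed; returning an error when no CRL from a CA in the chain is available is an assumption of this model, not a statement about device behavior.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW, DAY = dt.datetime.now(dt.timezone.utc), dt.timedelta(days=1)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, issuer, pub, signer, serial):  # constructed test certificate
    return (x509.CertificateBuilder().subject_name(name(subject))
            .issuer_name(name(issuer)).public_key(pub).serial_number(serial)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(signer, hashes.SHA256()))

def make_crl(issuer, signer, revoked_serials):  # constructed CRL
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer))
         .last_update(NOW - DAY).next_update(NOW + DAY))
    for s in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                .serial_number(s).revocation_date(NOW - DAY).build())
    return b.sign(signer, hashes.SHA256())

def validate(cert, chain, crl=None, crl_check=True):
    ca = next((c for c in chain if c.subject == cert.issuer), None)
    if ca is None:
        return "error: issuer not in CA chain"
    try:  # the certificate signature is checked in both modes
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "error: bad certificate signature"
    if not crl_check:
        return "valid"  # revocation status is never consulted
    crl_ca = next((c for c in chain if crl is not None and c.subject == crl.issuer), None)
    if crl_ca is None or not crl.is_signature_valid(crl_ca.public_key()):
        return "error: no CRL issued by a CA in the chain"  # this model fails closed
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "valid" if hit is None else "revoked"

def demo():
    ca_key, other_key, dev_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = issue("Constructed CA", "Constructed CA", ca_key.public_key(), ca_key, 1)
    dev = issue("device", "Constructed CA", dev_key.public_key(), ca_key, 1001)
    crl = make_crl("Constructed CA", ca_key, [1001])   # revokes the device certificate
    bad = make_crl("Constructed CA", other_key, [])    # right name, wrong signing key
    return validate(dev, [ca], crl), validate(dev, [ca], crl_check=False), validate(dev, [ca], bad)
```

Calling demo() returns the results for CRL checking enabled, CRL checking disabled, and a CRL that was not signed by a CA in the chain: the same revoked certificate is rejected in the first case and accepted in the second.
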
Specifying the storage path for the certificates and CRLs
CAUTION:
If you change the storage path, save the configuration before you reboot or shut down the device to avoid
loss of the certificates or the CRLs.
The device has a default storage path for the obtained local certificates and CRLs. You can change the
storage path and specify different paths for the certificates and CRLs.