EasyManuals Logo

HP MSR SERIES Command Reference

HP MSR SERIES
684 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #267 background imageLoading...
Page #267 background image
253
Syntax
crl url url-string [ vpn-instance vpn-instance-name ]
undo crl url
Default
The URL of the CRL repository is not specified.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
url-string: Specifies the URL of the CRL repository, a case-sensitive string of 1 to 511 characters in the
format of ldap://server_location or http://server_location, where server_location can be an IP address
or a domain name.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the CRL repository
belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the CRL
repository is on the public network, do not specify this option.
Usage guidelines
CRL checking verifies whether a certificate is in the CRL. If it is, the certificate has been revoked and its
home entity is not trusted.
To use CRL checking, a CRL must be obtained from a CRL repository. The device selects the CRL
repository from the following information. When the CRL repository is found, the selection process stops.
The selection order is as follows:
1. CRL repository specified in the PKI domain.
2. CRL repository in the certificate to be verified.
3. CRL repository in the CA certificate, or CRL repository CRL in the upper-level CA certificate if the
CA certificate is the certificate to be verified.
After the previous selection process, if the CRL repository is not found, the device obtains the CRL through
SCEP. To use SCEP to obtain the CRL, the CA certificate and the local certificates must have been
obtained.
If an LDAP-format URL is specified but the URL does not carry the host name of the CRL repository, the
device can get the complete URL information according to the LDAP server address specified in the PKI
domain.
The actual length of the URL is restricted by the CLI or the url-string parameter, whichever is smaller.
Examples
# Specify the URL of the CRL repository as http://169.254.0.30.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] crl url http://169.254.0.30
# Specify the URL of the CRL repository as ldap://169.254.0.30 in VPN instance vpn1.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl url ldap://169.254.0.30 vpn-instance vpn1

Table of Contents

Other manuals for HP MSR SERIES

Preview: Configuration Guide
Configuration Guide889 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP MSR SERIES and is the answer not in the manual?

HP MSR SERIES Specifications

General IconGeneral
Product SeriesMSR Series
ManufacturerHP
CategoryNetwork Router
PortsVaries by model
WAN InterfacesVaries by model
LAN InterfacesVaries by model
VPN SupportYes
FirewallYes
DimensionsVaries by model
WeightVaries by model
Wireless SupportVaries by model
ManagementWeb-based, CLI
Power SupplyVaries by model
Operating Temperature0°C to 45°C
Storage Temperature-40°C to 70°C
Humidity5% to 95% non-condensing

Related product manuals