Configuring Pki Certificate Verification; Configuring Pki Certificate Verification With Crl Checking - HP 12500 Series Configuration Manual

Step
1. Enter system view.
2. Retrieve a certificate
manually.

Configuring PKI certificate verification

A certificate needs to be verified before being used. Verifying a certificate will check that the certificate
is signed by the CA and that the certificate has neither expired nor been revoked.
You can specify whether CRL checking is required in certificate verification. If you enable CRL checking,
CRLs will be used in verification of a certificate. In this case, be sure to retrieve the CA certificate and
CRLs to the local switch before the certificate verification. If you disable CRL checking, you only need to
retrieve the CA certificate.

Configuring PKI certificate verification with CRL checking

Step
1. Enter system view.
2. Enter PKI domain view.
3. Specify the URL of the CRL
distribution point.
Set the CRL update period.
4.
5. Enable CRL checking.
6. Return to system view.
7. Retrieve the CA certificate.
Command
system-view
•
In online mode:
pki retrieval-certificate { ca | local } domain
domain-name
•
In offline mode:
pki import-certificate { ca | local } domain
domain-name { der | p12 | pem } [ filename
filename ]
Command
system-view
pki domain domain-name
crl url url-string
crl update-period hours
crl check enable
quit
See "Retrieving a certificate
manually"
299
Remarks
N/A
Use either command.
Remarks
N/A
N/A
Optional.
No CRL distribution point URL is
specified by default.
Optional.
By default, the CRL update period
depends on the next update field in
the CRL file.
This command defines the interval
at which the entity downloads CRLs
from the CRL server. The
configured value takes precedence
over that carried in the CRLs.
Optional.
Enabled by default.
N/A
N/A