Table of Contents
Advertisement
domain-name: Name of the PKI domain to which the certificate to be verified belongs, a string of 1 to
15 characters.
Description
Use the pki validate-certificate command to verify the validity of a certificate.
The focus of certificate validity verification is to check that the certificate is signed by the CA and that
the certificate has neither expired nor been revoked.
Related commands: pki domain.
Examples
# Verify the validity of the local certificate.
<Sysname> system-view
[Sysname] pki validate-certificate local domain 1
root-certificate fingerprint
Syntax
root-certificate fingerprint { md5 | sha1 } string
undo root-certificate fingerprint
View
PKI domain view
Default Level
2: System level
Parameters
md5: Uses an MD5 fingerprint.
sha1: Uses a SHA1 fingerprint.
string: Fingerprint to be used. An MD5 fingerprint must be a string of 32 characters in hexadecimal. A
SHA1 fingerprint must be a string of 40 characters in hexadecimal.
Description
Use the root-certificate fingerprint command to configure the fingerprint to be used for verifying the
validity of the CA root certificate.
Use the undo root-certificate fingerprint command to remove the configuration.
By default, no fingerprint is configured for verifying the validity of the CA root certificate.
Examples
# Configure an MD5 fingerprint for verifying the validity of the CA root certificate.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] root-certificate fingerprint md5 12EF53FA355CD23E12EF53FA355CD23E
# Configure a SHA1 fingerprint for verifying the validity of the CA root certificate.
11-24
Advertisement
Chapters
Table of Contents
