Certificate Validation Configuration; Specifying Crl Distribution Point Location; Configuring Crl Update Period - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide

9.3 Certificate Validation Configuration

9.3.1 Configuration Task List
At every stage of data communication, both parties should verify the validity of
corresponding certificates, including issue time, issuer and certificate validity. The core
is to verify the signature of CA and to make sure the certificate is still valid. It is believed
that CA never issues fake certificates, so every certificate with an authentic CA
signature will pass the verification. For example, if you receive an Email, which contains
a certificate with public key and is encrypted with private key, then you should verify the
validity of this certificate, to determine whether it is valid and trustworthy.
For certificate validation, you need to:
Specify CRL distribution point location
Configure CRL update period
Enable/Disable CRL check
Retrieve CRL
Verify certificate validity

9.3.2 Specifying CRL Distribution Point location

Perform the following configuration in PKI domain view.
Table 9-24 Configure CRL distribution point location
Specify CRL distribution point location
Delete the location setting
By default, no CRL distribution point location is specified.

9.3.3 Configuring CRL Update Period

CRL update period refers to the interval to download CRLs from CRL access server to
a local machine.
Perform the following configuration in PKI domain view.
Table 9-25 Configure CRL update period
Specify CRL update period
Restore the default period
By default, CRLs are updated according to their validity period.
Operation
Operation
3Com Corporation
9-15
Chapter 9 PKI Configuration
Command
crl url url-string
undo crl url
Command
crl update period hours
undo crl update period