3Com Router 3000 Ethernet Family
Configuration Guide
Note:
CRL update period configured manually takes priority over that specified in CRLs.
9.3.4 Enabling/Disabling CRL Check
CRL check is optional for certificate validation. If it is enabled, you must check CRL to
decide on the certificate validity.
Perform the following configuration in PKI domain view
Table 9-26 Enable/disable CRL check
Disable CRL check
Enable CRL check
By default, CRL check is enabled.
9.3.5 Retrieving a CRL
Having finished the above configuration tasks, you can retrieve CRL in any view. The
purpose of downloading CRL is to verify the validity of the certificates on a local device.
Perform the following configuration in system view.
Table 9-27 Retrieve a CRL
Retrieve a CRL and download it locally
Note:
This operation will not be saved in configuration.
9.3.6 Verifying Certificate Validity
You can verify the validity of a local certificate using the parameter "local" ; or a CA
certificate using the parameter "ca".
Perform the following configuration in system view.
Operation
Operation
3Com Corporation
9-16
Chapter 9 PKI Configuration
Command
crl check disable
undo crl check disable
Command
pki retrieval-crl domain domain-name