Description
Use crl update-period to set the CRL update period, the interval at which a PKI entity with a certificate
downloads the latest CRL from the LDAP server.
Use undo crl update-period to restore the default.
By default, the CRL update period depends on the next update field in the CRL file.
Examples
# Set the CRL update period to 20 hours.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl update-period 20
crl url
Syntax
crl url url-string
undo crl url
View
PKI domain view
Default level
2: System level
Parameters
url-string: URL of the CRL distribution point, a case-insensitive string of 1 to 127 characters in the format
ldap://server_location or http://server_location, where server_location must be an IP address and
does not support domain name resolution.
Description
Use crl url to specify the URL of the CRL distribution point.
Use undo crl url to remove the configuration.
By default, no CRL distribution point URL is specified.
When the URL of the CRL distribution point is not set, you should acquire the CA certificate and a local
certificate, and then acquire a CRL through SCEP.
Examples
# Specify the URL of the CRL distribution point.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl url ldap://169.254.0.30
display pki certificate
Syntax
display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude |
include } regular-expression ]
180