Verifying Certificates Without Crl Checking; Specifying The Storage Path For The Certificates And Crls - HP FlexFabric 5930 Series Security Configuration Manual

Step
7. (Optional.) Obtain the CRL
and save it locally.
8. Verify the validity of the
certificates.

Verifying certificates without CRL checking

Step
1. Enter system view.
2. Enter PKI domain view.
3. Disable CRL checking.
4. Return to system view.
5. Obtain the CA certificate.
6. Verify the validity of the
certificates.
Specifying the storage path for the certificates and
CRLs
CAUTION:
If you change the storage path, save the configuration before you reboot or shut down the device to avoid
loss of the certificates or the CRLs.
The device has a default storage path for the obtained local certificates and CRLs. You can change the
storage path and specify different paths for the certificates and CRLs.
After you change the storage path for the certificates or CRLs, the certificate files (with the file
extension .cer or .p12) and CRL files (with the extension .crl) in the original path are moved to the new
path.
To specify the storage path for the certificates and CRLs:
Command
pki retrieve-crl domain
domain-name
pki validate-certificate domain
domain-name { ca | local }
Command
system-view
pki domain domain-name
undo crl check enable
quit
See "Obtaining certificates."
pki validate-certificate domain
domain-name { ca | local }
80
Remarks
The newly obtained CRL overwrites
the old one, if any.
The obtained CRL must be issued by
a CA certificate in the CA certificate
chain in the current domain.
N/A
Remarks
N/A
N/A
By default, CRL checking is
enabled.
N/A
N/A
This command is not saved in the
configuration file.