Verifying Certificates Without Crl Checking; Specifying The Storage Path For The Certificates And Crls - H3C S5830V2 Security Configuration Manual
Hide thumbs
Also See for S5830V2:
- Configuration manual (318 pages) ,
- Command reference manual (301 pages) ,
- Installation manual (63 pages)
Table of Contents
Advertisement
To use SCEP to obtain the CRL, the CA certificate and the local certificates must be present.
To verify certificates with CRL checking:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
(Optional.) Specify the URL
of the CRL repository.
4.
Enable CRL checking.
5.
Return to system view.
6.
Obtain the CA certificate.
7.
(Optional.) Obtain the CRL
and save it locally.
8.
Verify the validity of the
certificates.
Verifying certificates without CRL checking
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Disable CRL checking.
4.
Return to system view.
5.
Obtain the CA certificate.
6.
Verify the validity of the
certificates.
Specifying the storage path for the certificates and
CRLs
Command
system-view
pki domain domain-name
crl url url-string [ vpn-instance
vpn-instance-name ]
crl check enable
quit
See
"Obtaining
certificates."
pki retrieve-crl domain
domain-name
pki validate-certificate domain
domain-name { ca | local }
Command
system-view
pki domain domain-name
undo crl check enable
quit
See
"Obtaining
certificates."
pki validate-certificate domain
domain-name { ca | local }
136
Remarks
N/A
N/A
By default, the URL of the CRL
repository is not specified.
By default, CRL checking is enabled.
N/A
N/A
The newly obtained CRL overwrites
the old one, if any.
The obtained CRL must be issued by
a CA certificate in the CA certificate
chain in the current domain.
N/A
Remarks
N/A
N/A
By default, CRL checking is
enabled.
N/A
N/A
This command is not saved in the
configuration file.
Advertisement
Table of Contents
Troubleshooting
