Verifying Certificates With Crl Checking; Verifying Certificates Without Crl Checking; Destroying The Local Rsa Key Pair - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

Verifying certificates with CRL checking

Step
1. Enter system view.
2. Enter PKI domain view.
3. Specify the URL of the CRL
distribution point.
4. Set the CRL update period.
5. Enable CRL checking.
6. Return to system view.
7. Retrieve the CA certificate.
8. Retrieve the CRLs.
9. Verify the validity of a
certificate.

Verifying certificates without CRL checking

Step
1. Enter system view.
2. Enter PKI domain view.
3. Disable CRL checking.
4. Return to system view.
5. Retrieve the CA certificate.
6. Verify the validity of the
certificate.

Destroying the local RSA key pair

A certificate has a lifetime, which is determined by the CA. When the private key leaks or the
certificate is about to expire, you can destroy the old RSA key pair and then create a pair to request
a new certificate.
To destroy the local RSA key pair:
Command
system-view
pki domain domain-name
crl url url-string
crl update-period hours
crl check enable
quit
"Retrieving a certificate
See
manually"
pki retrieval-crl domain
domain-name
pki validate-certificate { ca |
local } domain domain-name
Command
system-view
pki domain domain-name
crl check disable
quit
"Retrieving a certificate
See
manually"
pki validate-certificate { ca |
local } domain domain-name
250
Remarks
N/A
N/A
Optional.
No CRL distribution point URL is
specified by default.
Optional.
By default, the CRL update period
depends on the next update field
in the CRL file.
Optional.
Enabled by default.
N/A
N/A
N/A
This command is not saved in the
configuration file.
N/A
Remarks
N/A
N/A
Enabled by default.
N/A
N/A
N/A