Configuring Pki Certificate Verification Without Crl Checking; Destroying A Local Rsa Or Ecdsa Key Pair; Deleting A Certificate - HP 12500 Series Configuration Manual

Routing
Table of Contents

Advertisement

Step
8.
Retrieve CRLs.
9.
Verify the validity of a
certificate.

Configuring PKI certificate verification without CRL checking

Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Disable CRL checking.
4.
Return to system view.
5.
Retrieve the CA certificate.
6.
Verify the validity of the
certificate.

Destroying a local RSA or ECDSA key pair

A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA or ECDSA key pair and then create a pair to request a
new certificate.
To destroy a local RSA key pair:
Step
1.
Enter system view.
Destroy a local RSA or
2.
ECDSA key pair.
For more information about the public-key local destroy command, see Security Command Reference.

Deleting a certificate

When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
To delete a certificate:
Command
pki retrieval-crl domain
domain-name
pki validate-certificate { ca | local }
domain domain-name
Command
system-view
pki domain domain-name
crl check disable
quit
See
"Retrieving a certificate
manually"
pki validate-certificate { ca | local }
domain domain-name
Command
system-view
public-key local destroy { ecdsa | rsa }
300
Remarks
N/A
The pki retrieval-crl domain
command cannot be saved in the
configuration file.
N/A
Remarks
N/A
N/A
Enabled by default.
N/A
N/A
N/A

Advertisement

Table of Contents
loading

Table of Contents