Configuring Crl-Checking-Disabled Pki Certificate Verification; Destroying A Local Rsa Key Pair - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
Step
4.
Set the CRL update period.
5.
Enable CRL checking.
6.
Return to system view.
7.
Retrieve the CA certificate.
8.
Retrieve CRLs.
9.
Verify the validity of a
certificate.
Configuring CRL-checking-disabled PKI certificate verification
To configure CRL-checking-disabled PKI certificate verification:
Step
Enter system view.
1.
2.
Enter PKI domain view.
3.
Disable CRL checking.
4.
Return to system view.
5.
Retrieve the CA certificate.
6.
Verify the validity of the
certificate.
Destroying a local RSA key pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
To destroy a local RSA key pair:
Step
1.
Enter system view.
2.
Destroy a local RSA key pair.
Command
crl update-period hours
crl check enable
quit
See
"Retrieving a certificate
manually"
pki retrieval-crl domain
domain-name
pki validate-certificate { ca | local }
domain domain-name
Command
system-view
pki domain domain-name
crl check disable
quit
See
"Retrieving a certificate
manually"
pki validate-certificate { ca | local }
domain domain-name
Command
system-view
public-key local destroy rsa
255
Remarks
Optional.
By default, the CRL update period
depends on the next update field in
the CRL file.
Optional.
Enabled by default.
N/A
N/A
N/A
N/A
Remarks
N/A
N/A
Enabled by default
N/A
N/A
N/A
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
