Configuring Crl-Checking-Disabled Pki Certificate Verification; Destroying A Local Rsa Key Pair; Deleting A Certificate - HP A5830 Series Configuration Manual

To do...
9. Verify the validity of a
certificate.
The CRL update period defines the interval at which the entity downloads CRLs from the CRL server. The
CRL update period setting manually configured on the switch is prior to that carried in the CRLs.
The pki retrieval-crl domain command cannot be saved in the configuration file.
The URL of the CRL distribution point does not support domain name resolution.

Configuring CRL-checking-disabled PKI certificate verification

To do...
1. Enter system view.
2. Enter PKI domain view.
3. Disable CRL checking.
4. Return to system view.
5. Retrieve the CA certificate.
6. Verify the validity of the
certificate.

Destroying a local RSA key pair

A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
To destroy a local RSA key pair:
To do...
1. Enter system view.
2. Destroy a local RSA key pair.
For more information about the public-key local destroy command, see Security Command Reference.

Deleting a certificate

When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
To delete a certificate:
Use the command...
pki validate-certificate { ca | local
} domain domain-name
Use the command...
system-view
pki domain domain-name
crl check disable
quit
See "Retrieving a certificate
manually."
pki validate-certificate { ca | local
} domain domain-name
Use the command...
system-view
public-key local destroy rsa
156
Remarks
Required.
Remarks
—
—
Required
Enabled by default
—
Required
Required
Remarks
—
Required