crl check
Syntax
View
Parameter
Description
Example
crl update-period
Syntax
View
Parameter
Description
<Sysname> system-view
[Sysname] pki entity 1
[Sysname-pki-entity-1] country CN
crl check { disable | enable }
PKI domain view
disable: Disables CRL checking.
enable: Enables CRL checking.
Use the
command to enable or disable CRL checking.
crl check
By default, CRL checking is enabled.
CRLs are files issued by the CA to distribute all certificates have been revoked.
Revocation of a certificate may occur before the certificate expires. CRL checking is
intended for checking whether a certificate has been revoked. A revoked
certificate is no longer trusted.
# Disable CRL checking.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl check disable
crl update-period hours
undo crl update-period
PKI domain view
hours: CRL update period, in the range 1 to 720 hours.
Use the
crl update-period
interval at which the PKI entity downloads the latest CRL.
Use the
undo crl update-period
By default, the CRL update period depends on the next update field in the CRL
file.
The CRL update period is the interval at which a PKI entity with a certificate
downloads a CRL from LDAP server.
command to set the CRL update period, that is, the
command to restore the default.
2049