Destroying A Local Rsa Key Pair - 3Com 4500G Family Configuration Manual

To do...
Retrieve CRLs
Verify the validity of a certificate
Configuring CRL-checking-disabled PKI certificate verification
Follow these steps to configure CRL-checking-disabled PKI certificate verification:
To do...
Enter system view
Enter PKI domain view
Disable CRL checking
Return to system view
Retrieve the CA certificate
Verify the validity of the certificate
The CRL update period refers to the interval at which the entity downloads CRLs from the CRL
server. The CRL update period configured manually is prior to that specified in the CRLs.
The pki retrieval-crl domain configuration will not be saved in the configuration file.
Currently, the URL of the CRL distribution point does not support domain name resolving.

Destroying a Local RSA Key Pair

A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
Follow these steps to destroy a local RSA key pair:
To do...
Enter system view
Destroy a local RSA key pair
For details about the public-key local destroy command, refer to Public Key Commands in the
Security Volume.
Use the command...
Manually
pki retrieval-crl domain
domain-name
pki validate-certificate { ca |
local } domain domain-name
Use the command...
system-view
pki domain domain-name
crl check disable
quit
Refer to Retrieving a Certificate Manually
pki validate-certificate { ca | local } domain
domain-name
Use the command...
system-view
public-key local destroy rsa
1-10
Remarks
Required
Required
Remarks
—
—
Required
Enabled by default
—
Required
Required
Remarks
—
Required