Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
Set the CRL update
period
Enable CRL checking
Return to system view
Retrieve the CA certificate
Retrieve CRLs
Verify the validity of a
certificate
II. Configuring CRL-checking-disabled PKI certificate validation
Follow these steps to configure CRL-checking-disabled PKI certificate validation:
Enter system view
Enter PKI domain view
Disable CRL checking
Return to system view
Retrieve the CA certificate
Verify the validity of the
certificate
To do...
crl update-period hours
crl check enable
quit
Refer to
Certificate Manually
pki retrieval-crl domain
domain-name
pki validate-certificate
{ ca | local } domain
domain-name
To do...
system-view
pki domain
domain-name
crl check disable
quit
Refer to
Certificate Manually
pki validate-certificate
{ ca | local } domain
domain-name
Use the command...
Retrieving a
Use the command...
Retrieving a
1-12
Chapter 1 PKI Configuration
Remarks
Optional
By default, the CRL
update period depends on
the next update field in the
CRL file.
Optional
Enabled by default
—
Required
Required
Required
Remarks
—
—
Required
Enabled by default
—
Required
Required