Configuring PKI certificate verification

A certificate needs to be verified before being used. Certificate verification can examine whether the certificate is signed by the CA and whether the certificate has expired or been revoked.

You can specify whether to perform CRL checking during certificate verification. If you enable CRL checking, CRLs will be used in verification of a certificate, and you must retrieve the CA certificate and CRLs to the local switch before the certificate verification. If you disable CRL checking, you only need to retrieve the CA certificate.