crl check

Syntax

crl check { disable | enable }

View

PKI domain view

Default level

2: System level

Parameters

disable: Disables CRL checking.

enable: Enables CRL checking.

Description

Use crl check to enable or disable CRL checking.

By default, CRL checking is enabled.

CRLs are files issued by the CA to publish all certificates that have been revoked. Revocation of a certificate might occur before the certificate expires. CRL checking is intended for checking whether a certificate has been revoked. A revoked certificate is no longer trusted.

Examples

# Disable CRL checking.

<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl check disable