display pki crl domain

Syntax

display pki crl domain domain-name [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

domain-name: Name of the PKI domain, a string of 1 to 15 characters.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display pki crl domain to display the locally saved CRLs.

Related commands: pki domain and pki retrieval-crl.

Examples

# Display the locally saved CRLs.

<Sysname> display pki crl domain 1
 Certificate Revocation List (CRL): 
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: 
            C=CN
            O=abc
            OU=soft
            CN=A Test Root
        Last Update: Jan  5 08:44:19 2012 GMT
        Next Update: Jan  5 21:42:13 2012 GMT
        CRL extensions: 
            X509v3 Authority Key Identifier:
            keyid:0F71448E E075CAB8 ADDB3A12 0B747387 45D612EC
            Revoked Certificates:
            Serial Number: 05a234448E…
            Revocation Date: Feb 6 12:33:22 2012 GMT
            CRL entry extensions:…
            Serial Number: 05a278445E…
            Revocation Date: Feb 7 12:33:22 2012 GMT
            CRL entry extensions:…

Table 38: Command output

Field

Description

Version

Version of the CRL.

Signature Algorithm

Signature algorithm used by the CRLs.

Issuer

CA issuing the CRLs.

Last Update

Last update time.

Next Update

Next update time.

CRL extensions

Extensions of CRL.

X509v3 Authority Key Identifier

CA issuing the CRLs. The certificate version is X.509 v3.

keyid

ID of the public key.

A CA might have multiple key pairs. This field indicates the key pair used by the CRL’s signature.

Revoked Certificates

Revoked certificates.

Serial Number

Serial number of the revoked certificate.

Revocation Date

Revocation date of the certificate.