Configuring PKI certificate verification with CRL checking
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter PKI domain view. | pki domain domain-name | N/A |
3. Specify the URL of the CRL distribution point. | crl url url-string | Optional. No CRL distribution point URL is specified by default. |
4. Set the CRL update period. | crl update-period hours | Optional. By default, the CRL update period depends on the next update field in the CRL file. |
5. Enable CRL checking. | crl check enable | Optional. Enabled by default. |
6. Return to system view. | quit | N/A |
7. Retrieve the CA certificate. | N/A | |
8. Retrieve the CRLs. | pki retrieval-crl domain domain-name | N/A This command is not saved in the configuration file. |
9. Verify the validity of a certificate. | pki validate-certificate { ca | local } domain domain-name | N/A |