Verifying certificates without CRL checking

  1. Enter system view.

    system-view

  2. Enter PKI domain view.

    pki domain domain-name

  3. Disable CRL checking.

    undo crl check enable

    By default, CRL checking is enabled.

  4. Return to system view.

    quit

  5. Obtain a CA certificate for the PKI domain.

    See "Obtaining certificates."

    The PKI domain must have a CA certificate before you can verify certificates in it.

  6. Manually verify the certificate validity.

    pki validate-certificate domain domain-name { ca | local }

    This command is not saved in the configuration file.