1-11
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter PKI domain view
pki domain domain-name
—
Disable CRL checking
crl check
disable
Required
Enabled by default
Return to system view
quit
—
Retrieve the CA certificate
Refer to
Required
Verify the validity of the
certificate
pki validate-certificate
{
ca
|
local
}
domain
domain-name
Required
z
The CRL update period refers to the interval at which the entity downloads CRLs from the CRL
server. The CRL update period configured manually is prior to that specified in the CRLs.
z
The
pki retrieval-crl domain
configuration will not be saved in the configuration file.
z
Currently, the URL of the CRL distribution point does not support domain name resolving.
Destroying a Local RSA Key Pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
Follow these steps to destroy a local RSA key pair:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Destroy a local RSA key pair
public-key local destroy
rsa
Required
For details about the
public-key local destroy
command, refer to
Public Key Commands
in the
Security Volume
.
Deleting a Certificate
When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
Follow these steps to delete a certificate:
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...