46
•
Whether the certificate is revoked. This check is performed only if CRL checking is enabled.
When CRL checking is enabled:
•
To verify the local certificates, if the PKI domain has no CRLs, the device looks up the locally
saved CRLs. If a correct CRL is found, the device loads the CRL to the PKI domain. If no correct
CRL is found locally, the device obtains a correct CRL from the CA server and saves it locally.
•
To verify the CA certificate, CRL checking is performed for the CA certificate chain from the
current CA to the root CA.
Examples
# Verify the validity of the CA certificate in PKI domain
aaa
.
<Sysname> system-view
[Sysname] pki validate-certificate domain aaa ca
Verifying certificate......
Serial Number:
f6:3c:15:31:fe:bb:ec:94:dc:3d:b9:3a:d9:07:70:e5
Issuer:
C=cn
O=ccc
OU=ppp
CN=rootca
Subject:
C=cn
O=abc
OU=test
CN=aca
Verify result: OK
Verifying certificate......
Serial Number:
5c:72:dc:c4:a5:43:cd:f9:32:b9:c1:90:8f:dd:50:f6
Issuer:
C=cn
O=ccc
OU=ppp
CN=rootca
Subject:
C=cn
O=ccc
OU=ppp
CN=rootca
Verify result: OK
# Verify the local certificates in PKI domain
aaa
.
<Sysname> system-view
[Sysname] pki validate-certificate domain aaa local
Verifying certificate......
Serial Number:
bc:05:70:1f:0e:da:0d:10:16:1e
Issuer:
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...