393
vpn-instance vpn-instance-name
: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If the CRL repository is on the public network, do not
specify this option.
Usage guidelines
To use CRL checking, a CRL must be obtained from a CRL repository.
The device selects a CRL repository in the following order:
1.
CRL repository specified in the PKI domain by using this command.
2.
CRL repository in the certificate that is being verified.
3.
CRL repository in the CA certificate or CRL repository in the upper-level CA certificate if the CA
certificate is the certificate being verified.
After the previous selection process, if the CRL repository is not found, the device obtains the CRL
through SCEP. In this scenario, the CA certificate and the local certificates must have been obtained.
If an LDAP URL is specified, the device must connect to the LDAP server to obtain the CRL. If the
LDAP URL does not contain the address of the LDAP server, use the
ldap-server
command to
configure the server address in the PKI domain.
Examples
# Set the URL of the CRL repository to
http://169.254.0.30
.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] crl url http://169.254.0.30
# Set the URL of the CRL repository to
ldap://169.254.0.30
in MPLS L3VPN instance
vpn1
.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl url ldap://169.254.0.30 vpn-instance vpn1
Related commands
ldap-server
pki retrieve-crl
display pki certificate access-control-policy
Use
display pki certificate access-control-policy
to display information about certificate-based
access control policies.
Syntax
display pki certificate access-control-policy
[
policy-name
]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
policy-name
: Specifies a certificate-based access control policy by its name, a case-insensitive
string of 1 to 31 characters.
Содержание FlexNetwork 7500 Series
Страница 350: ...335 Related commands display port security port security enable ...
Страница 379: ...364 Sysname system view Sysname keychain abc mode absolute Sysname keychain abc tcp kind 252 ...
Страница 519: ...504 Related commands display ssh2 algorithm ssh2 algorithm cipher ssh2 algorithm key exchange ssh2 algorithm mac ...