R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

141

142

143

144

145

146

147

148

149

150

134

Examples

# Display the locally saved CRLs.

<Sysname> display pki crl domain 1

Certificate Revocation List (CRL):

Version 2 (0x1)

Signature Algorithm: sha1WithRSAEncryption

Issuer:

C=CN

O=abc

OU=soft

CN=A Test Root

Last Update: Jan 5 08:44:19 2004 GMT

Next Update: Jan 5 21:42:13 2004 GMT

CRL extensions:

X509v3 Authority Key Identifier:

keyid:0F71448E E075CAB8 ADDB3A12 0B747387 45D612EC

Revoked Certificates:

Serial Number: 05a234448E…

Revocation Date: Sep 6 12:33:22 2004 GMT

CRL entry extensions:…

Serial Number: 05a278445E…

Revocation Date: Sep 7 12:33:22 2004 GMT

CRL entry extensions:…

Table 31 Command output

Field Description

Version Version of the CRL

Signature Algorithm Signature algorithm used by the CRLs

Issuer CA issuing the CRLs

Last Update Last update time

Next Update Next update time

CRL extensions Extensions of CRL

X509v3 Authority Key Identifier CA issuing the CRLs. The certificate version is X.509 v3.

keyid

ID of the public key

A CA might have multiple key pairs. This field indicates the key

pair used by the CRL's signature.

Revoked Certificates Revoked certificates

Serial Number Serial number of the revoked certificate

Revocation Date Revocation date of the certificate

fqdn

Syntax

fqdn name-str