R2511-HP MSR Router Series Security Command Reference(V5)
313
crl check
Use crl check to enable or disable CRL checking.
Syntax
crl check { disable | enable }
Default
CRL checking is enabled.
Views
PKI domain view
Default command level
2: System level
Parameters
disable: Disables CRL checking.
enable: Enables CRL checking.
Usage guidelines
CRLs are files issued by the CA to publish all certificates that have been revoked. Revocation of a
certificate might occur before the certificate expires. CRL checking is intended for checking whether a
certificate has been revoked. A revoked certificate is no longer trusted.
Examples
# Disable CRL checking.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl check disable
crl update-period
Use crl update-period to set the CRL update period, that is, the interval at which a PKI entity with a
certificate downloads the latest CRL from the LDAP server.
Use undo crl update-period to restore the default.
Syntax
crl update-period hours
undo crl update-period
Default
The CRL update period depends on the next update field in the CRL file.
Views
PKI domain view
Default command level
2: System level
Parameters
hours: Specifies the CRL update period in hours, in the range of 1 to 720.