HP MSR2000/3000/4000 Router Series Security Command Reference
186
• If the PKI domain is not configured with the CRL repository, the device looks up the local certificates
and then the CA certificate for the CRL repository. If a CRL repository is found, the device obtains
CRLs from the point. Otherwise, the device obtains CRLs through the SCEP protocol.
Examples
# Obtain CRLs from the CRL repository.
<Sysname> system-view
[Sysname] pki retrieve-crl domain aaa
Related commands
• crl url
• ldap server
pki storage
Use pki storage to specify the storage path for the certificates or CRLs.
Use undo pki storage to restore the default.
Syntax
pki storage { certificates | crls } dir-path
undo pki storage { certificates | crls }
Default
The storage path for the certificates and CRLs is the PKI directory on the storage media of the device.
Views
System view
Predefined user roles
network-admin
Parameters
certificates: Specifies a storage path for the certificates.
crls: Specifies a storage path for the CRLs.
dir-path: Specifies a storage path, a case-sensitive string, which cannot start with a slash (/) or contains
two dots plus a slash (../). The dir-path argument specifies an absolute path or a relative path, and the
path must exist.
Usage guidelines
The specified storage path is a path on the active MPU rather than on other MPUs.
The default PKI directory on the device is automatically created when you successfully request, obtain, or
import a certificate for the first time.
If the path to be specified does not exist, you must use the mkdir command to create the path before using
this command. After you change the storage path for the certificates or CRLs, the certificate files (with the
file extension .cer or .p12) and CRL files (with the extension .crl) in the original path are moved to the new
path. The other types of files are not moved.
Examples
# Specifies flash:/pki-new as the storage path for the certificates.