3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 12: PKI CONFIGURATION
Specify CRL distribution point location
Configure CRL update period
Enable/Disable CRL check
Retrieve CRL
Verify certificate validity
Specifying CRL Distribution Point Location
Perform the following configuration in PKI domain view.
By default, no CRL distribution point location is specified.
Configuring CRL Update Period
The CRL update period is the interval at which CRLs are downloaded from the CRL
access server to the local machine.
Perform the following configuration in PKI domain view.
By default, CRLs are updated according to their validity period.
Note: The CRL update period configured here takes priority over that specified in CRLs.
Enabling/Disabling CRL Check
CRL checking is optional for certificate validation. If it is enabled, the CRL must
be checked to decide on certificate validity. The validation can be carried out
directly at the CA center or locally with a downloaded CRL.
Perform the following configuration in PKI domain view.
By default, CRL check is enabled.
Retrieving a CRL
Having finished the above configuration tasks, you can retrieve the CRL in any view.
The purpose of downloading the CRL is to verify the validity of the certificates on
the local device.
Perform the following configuration in system view.
Table 208 Configure CRL distribution point location
Operation                                  Command
Specify CRL distribution point location    crl url url-string
Delete the location setting                undo crl url

Table 209 Configure CRL update period
Operation                                  Command
Specify CRL update period                  crl update-period hours
Restore the default period                 undo crl update-period

Table 210 Enable/disable CRL check
Operation                                  Command
Enable CRL check                           crl check enable
Disable CRL check                          crl check disable
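
The following is an added example, not part of the original guide: a Python sketch that audits a saved configuration for the three CRL settings described above. The "pki domain <name>" header line, the indented sub-view layout, the sample configuration and the 24-hour policy threshold are all assumptions made for illustration.

```python
import re

# Constructed sample config. The "pki domain <name>" header and the indented
# layout are assumptions; the crl commands are those in the guide's tables.
SAMPLE_CONFIG = """\
pki domain branch-a
 crl url http://crl.example.test/ca.crl
 crl update-period 12
#
pki domain branch-b
 crl check disable
#
pki domain branch-c
 crl update-period 720
"""
MAX_UPDATE_HOURS = 24  # local policy threshold (assumption, not from the guide)

def parse_pki_domains(text):
    """Return {domain: settings}, starting from the defaults the guide states."""
    domains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"pki domain (\S+)", line):
            # Defaults: CRL check enabled, no URL, period taken from the CRL.
            current = domains.setdefault(m.group(1), {"check": True, "url": None, "period": None})
        elif not raw.startswith((" ", "\t")):
            current = None  # any unindented line leaves the domain view
        elif current is None:
            continue  # crl command outside a PKI domain: ignore
        elif line in ("crl check enable", "crl check disable"):
            current["check"] = line.endswith("enable")
        elif line.startswith("crl url "):
            current["url"] = line.split(None, 2)[2]
        elif m := re.fullmatch(r"crl update-period (\d+)", line):
            current["period"] = int(m.group(1))
    return domains

def audit(domains, max_hours=MAX_UPDATE_HOURS):
    """Return (domain, finding) pairs for settings that weaken revocation checking."""
    findings = []
    for name, s in sorted(domains.items()):
        if not s["check"]:
            findings.append((name, "CRL_CHECK_DISABLED"))
            continue  # URL and period are moot when the CRL is never consulted
        if s["url"] is None:
            findings.append((name, "NO_CRL_URL"))  # the default; flagged for review only
        if s["period"] is not None and s["period"] > max_hours:
            # The configured period takes priority over the one in the CRL.
            findings.append((name, "LONG_UPDATE_PERIOD"))
    return findings
```

Calling audit(parse_pki_domains(SAMPLE_CONFIG)) returns one finding for branch-b and two for branch-c; branch-a passes.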