3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Displaying and Debugging 199
n
This operation will not be saved in configuration.
Verifying Certificate
Validity
You can verify the validity of a local certificate using the local keyword; or a CA
certificate using the ca keyword.
Perform the following configuration in system view.
n
This operation will not be saved in configuration.
Displaying and
Debugging
Displaying certificates
If the certificate retrieval succeeds, you can display the fields of the certificates
locally downloaded. Certificate format and fields comply with X.509 standard. All
kinds of identifying information about user and CA are included, such as user
email address; public key of the certificate holder; issuer, serial number, and
validity (period) of the certificate, etc.
Perform the following configuration in any view.
Displaying CRL
The fields of a CRL that is retrieved and locally downloaded can be displayed by
the following operation. CRL complies with X.509 standard, covering version,
signature (algorithm), issuer name, this update, next update, user public key,
signature value, serial number, and revocation date, etc.
Perform the following configuration in any view.
Tab le 211 Retrieve a CRL
Operation Command
Retrieve a CRL and download it locally pki retrieval crl domain domain-name
Tab le 212 Verify certificate validity
Operation Command
Verify the validity of a local certificate
pki validation certificate { local | ca }
domain domain-name
Tab le 213 Display certificates
Operation Command
Displaying certificates
display pki certificate { { local | ca } domain
domain-name | request-status }
Tab le 214 Display CRLs
Operation Command
Displaying CRLs display pki crl [ domain domain-name ]