3com MSR 20-20 참조 매뉴얼
2049
<Sysname> system-view
[Sysname] pki entity 1
[Sysname-pki-entity-1] country CN
crl check
Syntax
crl check { disable | enable }
View
PKI domain view
Parameter
disable: Disables CRL checking.
enable: Enables CRL checking.
Description
Use the crl check command to enable or disable CRL checking.
By default, CRL checking is enabled.
CRLs are files issued by the CA to distribute all certificates have been revoked.
Revocation of a certificate may occur before the certificate expires. CRL checking is
intended for checking whether a certificate has been revoked. A revoked
certificate is no longer trusted.
Revocation of a certificate may occur before the certificate expires. CRL checking is
intended for checking whether a certificate has been revoked. A revoked
certificate is no longer trusted.
Example
# Disable CRL checking.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl check disable
crl update-period
Syntax
crl update-period hours
undo crl update-period
View
PKI domain view
Parameter
hours: CRL update period, in the range 1 to 720 hours.
Description
Use the crl update-period command to set the CRL update period, that is, the
interval at which the PKI entity downloads the latest CRL.
interval at which the PKI entity downloads the latest CRL.
Use the undo crl update-period command to restore the default.
By default, the CRL update period depends on the next update field in the CRL
file.
file.
The CRL update period is the interval at which a PKI entity with a certificate
downloads a CRL from LDAP server.
downloads a CRL from LDAP server.