Destroying a local rsa key pair – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 657
68-10
To do…
Use the command…
Remarks
Set the CRL update period
crl update-period
hours
Optional
By default, the CRL update period
depends on the next update field in
the CRL file.
Enable CRL checking
crl check
enable
Optional
Enabled by default
Return to system view
quit
—
Retrieve the CA certificate
Refer to
Required
Retrieve CRLs
pki retrieval-crl domain
domain-name
Required
Verify the validity of a certificate
pki validate-certificate
{ ca |
local
} domain domain-name
Required
Configuring CRL-checking-disabled PKI certificate validation
Follow these steps to configure CRL-checking-disabled PKI certificate validation:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter PKI domain view
pki domain domain-name
—
Disable CRL checking
crl check
disable
Required
Enabled by default
Return to system view
quit
—
Retrieve the CA certificate
Refer to
Required
Verify the validity of the certificate
pki validate-certificate
{ ca |
local
} domain domain-name
Required
z
The CRL update period refers to the interval at which the entity downloads CRLs from the CRL
server. The CRL update period configured manually is prior to that specified in the CRLs.
z
The pki retrieval-crl domain configuration will not be saved in the configuration file.
Destroying a Local RSA Key Pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks or the certificate
is about to expire, you can destroy the old RSA key pair and then create a pair to request a new
certificate.
Follow these steps to destroy a local RSA key pair: