[x]

PKI commands > crl url

 

 Next

crl url

Use crl url to specify the URL of the CRL repository.

Use undo crl url to restore the default.

Syntax

crl url url-string [ vpn-instance vpn-instance-name ]

undo crl url

Default

The URL of the CRL repository is not specified.

Views

PKI domain view

Predefined user roles

network-admin

mdc-admin

Parameters

url-string: Specifies the URL of the CRL repository, a case-sensitive string of 1 to 511 characters. The URL format is ldap://server_location or http://server_location. The URL length is restricted by the CLI string limitation or the url-string parameter, whichever is smaller.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the CRL repository is on the public network, do not specify this option.

Usage guidelines

To use CRL checking, a CRL must be obtained from a CRL repository.

The device selects a CRL repository in the following order:

  1. CRL repository specified in the PKI domain by using this command.

  2. CRL repository in the certificate that is being verified.

  3. CRL repository in the CA certificate or CRL repository in the upper-level CA certificate if the CA certificate is the certificate being verified.

After the previous selection process, if the CRL repository is not found, the device obtains the CRL through SCEP. In this scenario, the CA certificate and the local certificates must have been obtained.

If an LDAP URL is specified, the device must connect to the LDAP server to obtain the CRL. If the LDAP URL does not contain the address of the LDAP server, use the ldap-server command to configure the server address in the PKI domain.

Examples

# Set the URL of the CRL repository to http://169.254.0.30.

<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] crl url http://169.254.0.30

# Set the URL of the CRL repository to ldap://169.254.0.30 in MPLS L3VPN instance vpn1.

<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] crl url ldap://169.254.0.30 vpn-instance vpn1

Related commands

ldap-server

pki retrieve-crl

prev

 

up

 next

crl check enable 

home

 display pki certificate access-control-policy

© Copyright 2018 Hewlett Packard Enterprise Development LP