display pki crl domain
Use display pki crl domain to display information about the CRL saved at the local for a PKI domain.
Syntax
display pki crl domain domain-name
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 27.
Table 27: Special characters
Character name | Symbol | Character name | Symbol |
|---|---|---|---|
Tilde | ~ | Dot | . |
Asterisk | * | Left angle bracket | < |
Backslash | \ | Right angle bracket | > |
Vertical bar | | | Quotation marks | " |
Colon | : | Apostrophe | ' |
Usage guidelines
Use this command to determine whether a certificate has been revoked.
Examples
# Display information about the CRL saved at the local for PKI domain aaa.
<Sysname> display pki crl domain aaa
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=cn/O=docm/OU=sec/CN=therootca
Last Update: Apr 28 01:42:13 2011 GMT
Next Update: NONE
CRL extensions:
X509v3 CRL Number:
6
X509v3 Authority Key Identifier:
keyid:49:25:DB:07:3A:C4:8A:C2:B5:A0:64:A5:F1:54:93:69:14:51:11:EF
Revoked Certificates:
Serial Number: CDE626BF7A44A727B25F9CD81475C004
Revocation Date: Apr 28 01:37:52 2011 GMT
CRL entry extensions:
Invalidity Date:
Apr 28 01:37:49 2011 GMT
Serial Number: FCADFA81E1F56F43D3F2D3EF7EB56DE5
Revocation Date: Apr 28 01:33:28 2011 GMT
CRL entry extensions:
Invalidity Date:
Apr 28 01:33:09 2011 GMT
Signature Algorithm: sha1WithRSAEncryption
57:ac:00:3e:1e:e2:5f:59:62:04:05:9b:c7:61:58:2a:df:a4:
5c:e5:c0:14:af:c8:e7:de:cf:2a:0a:31:7d:32:da:be:cd:6a:
36:b5:83:e8:95:06:bd:b4:c0:36:fe:91:7c:77:d9:00:0f:9e:
99:03:65:9e:0c:9c:16:22:ef:4a:40:ec:59:40:60:53:4a:fc:
8e:47:57:23:e0:75:0a:a4:1c:0e:2f:3d:e0:b2:87:4d:61:8a:
4a:cb:cb:37:af:51:bd:53:78:76:a1:16:3d:0b:89:01:91:61:
52:d0:6f:5c:09:59:15:be:b8:68:65:0c:5d:1b:a1:f8:42:04:
ba:aa
Table 28: Command output
Field | Description |
|---|---|
Version | CRL version number. |
Signature Algorithm | Signature algorithm used by the CA to sign the CRL. |
Issuer | Name of the CA that issued the CRL. |
Last Update | Most recent CRL update time. |
Next Update | Next CRL update time. |
X509v3 Authority Key Identifier | X509v3 ID of the CA that issues the CRL. |
keyid | Key ID. This field identifies the key pair used to sign the CRL. |
Signature Algorithm: | Signature algorithm and signature data. |
Related commands
pki retrieve-crl