pki retrieve-crl

Use pki retrieve-crl to obtain CRLs and save them locally.

Syntax

pki retrieve-crl domain domain-name

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 36.

Table 36: Special characters

Character name         Symbol    Character name         Symbol
Tilde                  ~         Dot                    .
Asterisk               *         Left angle bracket     <
Backslash              \         Right angle bracket    >
Vertical bar           |         Quotation marks        "
Colon                  :         Apostrophe             '

Usage guidelines

CRLs are used to verify the validity of the local certificates and the peer certificates in a PKI domain. To obtain CRLs, a PKI domain must have the correct CA certificate.
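The following added example (not from the device documentation or its vendor) shows why the correct CA certificate is needed: a CRL is accepted as evidence only if it verifies against the trusted CA's key, and only then is a certificate serial looked up in it. It assumes the Python cryptography package; the CA name, keys, and serial numbers are constructed, and a bare public key stands in for the one carried in the CA certificate.

```python
# Added illustration: every key, name and serial number below is constructed.
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.now(timezone.utc)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Example CA")])

def make_crl(ca_key, revoked_serials, lifetime=timedelta(days=1)):
    """Build a CRL signed by ca_key, standing in for what a CRL repository serves."""
    issued = NOW - timedelta(hours=1)
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(CA_NAME).last_update(issued).next_update(issued + lifetime))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(issued).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())

def next_update_of(crl):
    """Return nextUpdate as an aware UTC datetime on older and newer library versions."""
    if hasattr(crl, "next_update_utc"):
        return crl.next_update_utc
    return crl.next_update.replace(tzinfo=timezone.utc)

def check_serial(crl, ca_public_key, serial, at=NOW):
    """Classify one certificate serial as untrusted-crl, stale-crl, revoked or good."""
    # A CRL proves nothing until its issuer and signature match the trusted CA.
    if crl.issuer != CA_NAME or not crl.is_signature_valid(ca_public_key):
        return "untrusted-crl"
    if at > next_update_of(crl):  # past nextUpdate, recent revocations may be missing
        return "stale-crl"
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "good"

def demo():
    ca_key, other_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca_pub, other_pub = ca_key.public_key(), other_key.public_key()  # other = unrelated CA
    crl = make_crl(ca_key, revoked_serials=[0x1001])
    return {
        "listed serial": check_serial(crl, ca_pub, 0x1001),
        "unlisted serial": check_serial(crl, ca_pub, 0x1002),
        "wrong CA key": check_serial(crl, other_pub, 0x1001),
        "after nextUpdate": check_serial(crl, ca_pub, 0x1002, at=NOW + timedelta(days=2)),
    }

if __name__ == "__main__":
    print(demo())
```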

The URL of the CRL repository is specified by using the crl url command.

The device can obtain CRLs from the CRL repository through the HTTP, LDAP, or SCEP protocol. Which protocol is used depends on the configuration of the CRL repository in the PKI domain:

Examples

# Obtain CRLs from the CRL repository.

<Sysname> system-view
[Sysname] pki retrieve-crl domain aaa

Related commands

crl url

ldap server