< Home

PKI/4/CRL_EXPIRED

Message

PKI/4/CRL_EXPIRED: CRL ([issuer_name]) has expired for [day] days.

Description

A CRL expired.

Parameters

Parameter Name Parameter Meaning

issuer_name

Specifies the name of the CRL issuer.

day

Specifies the number of days after the CRL expired.

Possible Causes

  • The device failed to automatically update the CRL.
  • The CRL was not updated manually.

Procedure

  • Automatic CRL update
    1. Check the link between the device and CRL distribution server.

      If the link is not working properly, ensure that it is working properly.

    2. Check whether automatic CRL update is enabled.

      If automatic CRL update is disabled, run the crl auto-update enable command in the PKI realm view to enable it.

    3. Check whether the CRL-related PKI configuration is correct, including the URL of the CRL distribution point (CDP) and CRL update mode.

      If the configuration is incorrect, modify the configuration to ensure that it is correct.

  • Manual CRL update
    1. Select the manual CRL update mode based on the service modes provided by CA and supported by the device, for example, run the pki http command in the system view to download a CRL using HTTP.
    2. Run the pki import-crl command in the system view to import the CRL to the device memory.
Parent Topic: PKI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >