The cdp-url command configures the CRL distribution point (CDP) URL.
The undo cdp-url command deletes the configured CDP URL.
By default, no CDP URL is configured.
| Parameter | Description | Value |
|---|---|---|
| esc | Indicates that the URL address is in ASCII mode. | - |
| url-addr | Specifies the CDP URL. | The value is a string starting with http:// and consisting of 1 to 128 case-sensitive characters without spaces. |
| from-ca | Specifies that the CDP URL address is obtained from the CA certificate. | - |
Usage Scenario
When a PKI entity needs to use HTTP to update the CRL, it must set up a connection with the HTTP server based on the CDP URL and obtain the CRL from that server. By default, a PKI entity locates and downloads the CRL using the method (HTTP) in the CDP information of the local certificate. If you do not want to download the CRL based on the CDP URL in the local certificate, run this command to configure the PKI entity to obtain the CDP URL from the CA certificate, or manually configure the CDP URL.
When the CRL is automatically updated by SCEP, you can also manually configure a CDP URL address.
Precautions
Manually configuring a CDP URL address overwrites the CDP carried in the certificate. If the certificate does not contain CDP information and no CDP URL address is manually configured, the device requests the CRL from the CA server using SCEP.
The esc keyword only supports URLs that contain a question mark (?), and the question mark must be entered as its ASCII escape \x3f, where 3f is the hexadecimal ASCII code for the question mark. For example, to enter http://***.com?page1, type http://***.com\x3fpage1. To enter http://www.***.com?page1\x3f, which contains both a question mark (?) and a literal \x3f, type http://www.***.com\x3fpage1\\x3f.
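The esc escaping rule above, together with the url-addr constraints from the parameter table, as an added Python example that is not part of the original command reference. The function names are hypothetical, and two points are assumptions: that the 128-character limit also applies to the escaped string, and that esc is typed directly before url-addr.

```python
# Added example: prepare a url-addr argument for the cdp-url command.
ESC_QMARK = r"\x3f"  # the page's escape for "?" (3f = hex ASCII code of "?")
MAX_LEN = 128        # url-addr length limit from the parameter table


def validate_cdp_url(url: str) -> None:
    """Enforce the url-addr constraints listed in the parameter table."""
    if not url.startswith("http://"):
        raise ValueError("CDP URL must start with http://")
    if len(url) > MAX_LEN:
        raise ValueError("CDP URL must be 1 to 128 characters long")
    if any(ch.isspace() for ch in url):
        raise ValueError("CDP URL must not contain spaces")


def esc_encode(url: str) -> str:
    """Rewrite a URL into the form the esc keyword expects."""
    validate_cdp_url(url)
    # Order matters: double the backslash of a literal \x3f first, otherwise
    # the escapes produced for "?" in the next step would be doubled too.
    # Only the lowercase form \x3f is handled, as that is what the page documents.
    escaped = url.replace(ESC_QMARK, "\\" + ESC_QMARK)
    escaped = escaped.replace("?", ESC_QMARK)
    # Assumption: the limit is checked against what is actually typed.
    if len(escaped) > MAX_LEN:
        raise ValueError("escaped CDP URL exceeds 128 characters")
    return escaped


def cdp_url_command(url: str) -> str:
    """Build the realm-view command line; esc is used only when "?" is present."""
    if "?" in url:
        # Assumption: keyword order is "cdp-url esc url-addr".
        return "cdp-url esc " + esc_encode(url)
    validate_cdp_url(url)
    return "cdp-url " + url


if __name__ == "__main__":
    # Inputs taken from the examples on this page (host names are masked there).
    for sample in ("http://***.com?page1",
                   r"http://www.***.com?page1\x3f",
                   "http://10.1.1.1/certenroll/ca_root.crl"):
        print(cdp_url_command(sample))
```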
# Set the CDP URL to http://10.1.1.1/certenroll/ca_root.crl.
<HUAWEI> system-view
[HUAWEI] pki realm d1
[HUAWEI-pki-realm-d1] crl scep
[HUAWEI-pki-realm-d1] cdp-url http://10.1.1.1/certenroll/ca_root.crl
# Set the CDP URL to http://www.***.com/certenroll/ca_root.crl.
<HUAWEI> system-view
[HUAWEI] pki realm d1
[HUAWEI-pki-realm-d1] crl scep
[HUAWEI-pki-realm-d1] cdp-url http://www.***.com/certenroll/ca_root.crl