
pki validate-certificate

Function

The pki validate-certificate command allows you to verify the validity of a CA certificate or a local certificate.

Format

pki validate-certificate { ca | local } realm realm-name

Parameters

Parameter          Description                                                    Value
ca                 Checks validity of the CA certificate.                         -
local              Checks validity of the local certificate.                      -
realm realm-name   Specifies the PKI realm name of a certificate to be checked.   The value must be an existing PKI realm name.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an end entity verifies a peer certificate, it checks the status of the peer certificate. For example, the end entity checks whether the peer certificate has expired and whether the certificate is in a CRL.

To verify the validity of a CA certificate or a local certificate, run the pki validate-certificate command.

Prerequisites

A PKI realm has been configured using the pki realm (system view) command.

Precautions

The pki validate-certificate ca command allows you to verify only the root CA certificate, but not subordinate CA certificates. When multiple CA certificates are imported on a device, you can use only the pki validate-certificate local command to verify the validity of subordinate certificates.

Example

# Configure the device to check validity of the local certificate using CRL.
<HUAWEI> system-view
[HUAWEI] pki realm abc
[HUAWEI-pki-realm-abc] certificate-check crl
[HUAWEI-pki-realm-abc] quit
[HUAWEI] pki validate-certificate local realm abc
Copyright © Huawei Technologies Co., Ltd.