crl ldap

Function

The crl ldap command configures the automatic update of the CRL through LDAP.

The undo crl ldap command cancels the automatic update of the CRL through LDAP.

By default, the CRL is updated automatically through HTTP.

Format

crl ldap [ attribute attr-value ] dn dn-value

undo crl ldap [ attribute attr-value ] dn dn-value

Parameters

Parameter | Description | Value
attribute attr-value | Specifies the attribute value that the device uses when obtaining the CRL from the LDAP server. | The value is a string of 1 to 63 case-sensitive characters.
dn dn-value | Specifies the ID that the device uses when obtaining the CRL from the LDAP server. The ID is generally composed of information such as the user common name, organization name, country, or the name of the certificate holder. | The value is a string of 1 to 255 case-sensitive characters in text format, spaces supported.

Views

PKI domain name configuration view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
pki | write

Usage Guidelines

Usage Scenario

To use LDAP for updating the CRL automatically, run the crl ldap command first.

You should first run the crl ldap command to configure the automatic update of the CRL through LDAP, and then run the crl ldap dn command.

Note the following when the device automatically updates the CRL through LDAP:

  • The CRL file cannot exceed 1 MB.
  • The CF card must have sufficient space for the CRL file.

Example

# Configure the automatic update of the CRL through LDAP.
<HUAWEI> system-view
[~HUAWEI] pki domain domain1
[*HUAWEI-pki-domain-domain1] crl ldap dn huawei1
Copyright © Huawei Technologies Co., Ltd.