The software crl load command loads a digital signature certificate revocation list (CRL) file to the main control board. The command also supports verifying whether the digital signature of the big package or patch (module) package expires and echoes the prompt on the command line.
| Parameter | Description | Value |
|---|---|---|
| crlName |
Specifies a CRL name. |
The value is a string of 5 to 63 case-insensitive characters, spaces not supported. The file name is determined by the uploaded file and must be the same as the name of the uploaded file. The CRL file must be in the flash directory of the main control board. |
Usage Scenario
The lifetime of a certificate is limited. A certificate authority (CA) can revoke a certificate to shorten its lifetime. A CRL is a list of certificates that have been revoked, and therefore should not be relied upon. The CRL is issued by a CA. If a CA revokes a certificate, the key pair defined in the certificate can no longer be used even if the certificate does not expire. After a certificate in a CRL expires, the certificate is deleted from the CRL to shorten the CRL.
If an issued digital signature certificate needs to be revoked due to key disclosure or other reasons, a third-party tool can be used to mark the certificate invalid and add the certificate to a digital certificate CRL. To load the latest digital signature CRL file to a device, run the software crl load command.
Precautions
In VS mode, this command is supported only by the admin VS.