The certificate update expire-time command sets the automatic certificate update time, which is expressed in the percentage of the duration of a certificate in the validity period of the certificate.
The undo certificate update expire-time command restores the default setting.
By default, the automatic certificate update time is when the duration of a certificate of the validity period of the certificate reaches 50 percentage.
Usage Scenario
A certificate authority (CA) specifies the validity period of a certificate before issuing the certificate. If a certificate has expired, the certificate cannot be used. You can run the certificate update expire-time command to set the time for updating certificates.
Prerequisites
Before you run the certificate update expire-time command, run the certificate auto-update enable command to enable the automatic certificate update function.
Configuration Impact
After you run the certificate update expire-time command on a device, the device automatically initiates a certificate update request to the connected CMPv2 server when the percentage of the duration of a certificate in the validity period of the certificate reaches a specified value.
<HUAWEI> system-view [~HUAWEI] pki domain domain1 [*HUAWEI-pki-domain-domain1] pki cmp session session1 [*HUAWEI-pki-domain-domain1-pki-cmp-session-session1] certificate update expire-time 60