The pki set-certificate check-period command sets the interval for the automatic check of certificate validity.
The pki set-certificate expire-prewarning command sets the pre-warning time for certificate expiration.
The undo pki set-certificate check-period command restores the default automatic certificate check interval.
The undo pki set-certificate expire-prewarning command restores the default pre-warning time for certificate expiration.
By default, the interval for the automatic check of certificate validity is 5 minutes, and the pre-warning time for certificate expiration is 90 days.
| Parameter | Description | Value |
|---|---|---|
| expire-prewarning prewarning-days |
Set the pre-warning time for certificate expiration. |
The value is an integer ranging from 7 to 180, in days. The default value is 90. |
| check-period period-value |
Set the interval for the automatic check of certificate validity. |
The value is an integer ranging from 5 to 1440, in minutes. The default value is 5. |
Usage Scenario
The device periodically checks the validity of all installed local certificates and CA certificates.
The check scope includes the certificate signature and validity period. The default check interval is 5 minutes. If a problem is detected, an alarm is generated. By default, the pre-warning time for certificate expiration is 90 days. That is, a warning is generated 90 days before the certificate expires to prompt users to obtain a new certificate in advance. To adjust the interval for the automatic check of certificate validity, run the pki set-certificate check-period command. To adjust the pre-warning time for certificate expiration, run the pki set-certificate expire-prewarning command.