Certificate revocation refers to that the CA revokes a certificate when the certificate expires or becomes invalid. A local certificate may be revoked in the following conditions:

When receiving the peer's certificate, the device needs to check whether the certificate is revoked by the CA. To ensure the validity of the peer's certificate, the most convenient way is to download the latest certificate from the peer and CA during each authentication. This method, however, is system-resource-consuming, and re-authentication delay may result in re-establishing the connection, which affects the communications between devices.

The problem can be solved in the following methods:

The device can update the CRL in the following methods:

Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >