After completing the above configuration, you need to perform CRL related configurations.
In this example, select the local CRL publishing mode of HTTP and set the HTTP URL to http://4.4.4.133:447/myca.crl.
After the above configuration, make sure that the system clock of the Switch is synchronous to that of the CA, so that the Switch can request certificates and retrieve CRLs properly.
Table 146 Configure Switch
# Create a PKI entity.
∙Select Authentication PKI from the navigation tree. The PKI entity list page is displayed by default. Click Add on the page, as shown in b, and then perform the following configurations as shown in c.
b.PKI entity list
c.Configure a PKI entity
∙Type aaa as the PKI entity name.
∙Type ac as the common name.
∙Click Apply.
# Create a PKI domain.
∙Select the Domain tab, and then click Add, as shown in d, and then perform the following configurations as shown in e.
398