
certificate-check disable

Function

The certificate-check disable command disables validity verification on certificates of an IKE peer.

The undo certificate-check disable command restores the default configuration.

By default, the device verifies certificates of an IKE peer.

Format

certificate-check disable

undo certificate-check disable

Parameters

None

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When IPSec uses certificate authentication and users cannot update certificates after they become invalid, the certificates are unavailable and IPSec authentication fails. To keep using these invalid certificates, run the certificate-check disable command to disable validity verification on certificates of an IKE peer. To disable certificate verification for all IKE peers, run the ike certificate-check disable command.

Precautions

Disabling validity verification on certificates will lead to security risks.

If both certificate-check disable and certificate-access-policy commands are configured, the certificate-access-policy command does not take effect.

Example

# Configure the device not to verify certificates of an IKE peer.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] certificate-check disable
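
The audit script below is an added example, not part of the original documentation. It scans a saved configuration for the per-peer and global forms of this command and reports peers where certificate-access-policy is also configured and therefore does not take effect. The sample configuration, its indentation layout, and the policy1 argument are constructed assumptions.

```python
import re

# Constructed sample of a saved configuration (not from the original page). Assumed layout:
# views start at column 0, their commands are indented; "policy1" is a placeholder.
SAMPLE_CONFIG = """\
#
ike certificate-check disable
#
ike peer peer1
 certificate-check disable
 certificate-access-policy policy1
#
ike peer peer2
 certificate-access-policy policy1
#
ike peer peer3
 undo certificate-check disable
#
"""

def audit_certificate_check(config_text):
    """Return findings as (scope, issue) tuples for disabled certificate checks."""
    findings = []
    peer = None                    # name of the IKE peer view we are inside
    peer_flags = {}                # peer name -> set of relevant commands seen
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith((" ", "\t")):      # column 0: new view or global command
            m = re.fullmatch(r"ike peer (\S+)", line)
            peer = m.group(1) if m else None
            if peer:
                peer_flags[peer] = set()
            elif line == "ike certificate-check disable":
                findings.append(("global", "certificate check disabled for all IKE peers"))
        elif peer:
            if line == "certificate-check disable":   # exact match skips the undo form
                peer_flags[peer].add("nocheck")
            elif line.startswith("certificate-access-policy"):
                peer_flags[peer].add("policy")
    for name, flags in peer_flags.items():
        if "nocheck" in flags:
            findings.append((name, "certificate check disabled"))
            if "policy" in flags:
                findings.append((name, "certificate-access-policy does not take effect"))
    return findings

if __name__ == "__main__":
    for scope, issue in audit_certificate_check(SAMPLE_CONFIG):
        print(f"{scope}: {issue}")
```
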
Copyright © Huawei Technologies Co., Ltd.