< Home

(Optional) Disabling Validity Verification on Certificates

Context

When IPSec uses certificate authentication, users cannot update certificates after they become invalid, leading to unavailable certificates and IPSec authentication failure. If users still want to use invalid certificates, you can disable validity verification on certificates.

You can disable validity verification on certificates in the system view or IKE peer view. If you disable validity verification on certificates in the system view, the device does not verify certificates of all IKE peers.

Procedure

  • System view
    1. Run system-view

      The system view is displayed.

    2. Run ike certificate-check disable

      The device is configured not to verify certificates of all IKE peer.

      By default, the device verifies certificates of all IKE peer.

  • IKE peer view
    1. Run system-view

      The system view is displayed.

    2. Run ike peer peer-name

      The IKE peer view is displayed.

    3. Run certificate-check disable

      The device is configured not to verify certificates of an IKE peer.

      By default, the device verifies certificates of an IKE peer.

Parent Topic: Configuring IKE-CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >