The ike certificate-check disable command disables validity verification on certificates of all IKE peers.
The undo ike certificate-check disable command restores the default configuration.
By default, the device verifies certificates of all IKE peers.
Usage Scenario
When IPSec uses certificate authentication, users cannot update certificates after they become invalid, leading to unavailable certificates and IPSec authentication failure. If users still want to use these invalid certificates, run the ike certificate-check disable command to disable validity verification on certificates of all IKE peers. If users only want to disable validity verification on certificates of a specified IKE peer, run the certificate-check disable command.
Precautions
Disabling validity verification on certificates will lead to security risks.
If both ike certificate-check disable and certificate-access-policy commands are configured, the certificate-access-policy command does not take effect.