< Home

pki root-vsys validate-sslvpn-certificate enable

Function

The pki root-vsys validate-sslvpn-certificate enable command verifies the SSL VPN certificate chain in the virtual system of the root system.

The undo pki root-vsys validate-sslvpn-certificate enable command cancels the preceding configuration.

By default, the SSL VPN certificate chain in the root system is not verified.

Format

pki root-vsys validate-sslvpn-certificate enable

undo pki root-vsys validate-sslvpn-certificate enable

Parameters

None

Views

Virtual system view

Default Level

2: Configuration level

Usage Guidelines

After this command is run, the device verifies the SSL VPN certificate chain in the root system.

By default, users need to import certificate/CRL in the virtual system and configure PKI.

After the version of the virtual system is upgraded, you do not need to run this command again. Instead, the system automatically enables verification for the SSL VPN certificate chain in the virtual system of the root system. If you want to modify the PKI configuration, configure the PKI functions in the virtual system, and then run the undo pki root-vsys validate-sslvpn-certificate enable command to disable verification for SSL VPN certificate chain in the virtual system of the root system.

Example

# Verify the SSL VPN certificate chain in the root system.

<sysname> system-view
[sysname] vsys name vsys1
[sysname-vsys-vsys1] quit
[sysname] switch vsys vsys1
<sysname-vsys1> system-view
[sysname-vsys1] pki root-vsys validate-sslvpn-certificate enable
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >