The cdp-url command configures the CRL distribution point (CDP) URL.
The undo cdp-url command deletes the configured CDP URL.
By default, no CDP URL is configured.
| Parameter | Description | Value |
|---|---|---|
| esc | Indicates that the URL address is in ASCII mode. | - |
| url-addr | Specifies the CDP URL. | The value is a string starting with http:// and consisting of 1 to 128 case-sensitive characters without spaces. |
| from-ca | Specifies that the CDP URL address is obtained from the CA certificate. | - |
When a PKI entity needs to use HTTP to update CRL, it must set up a connection with the HTTP server based on CDP URL, and obtain the CRL from the HTTP server. With this command, you can configure the PKI entity to obtain CDP URL from the CA certificate or manually configure the CDP URL.
When CRL is automatically updated by SCEP, you can also manually configure a CDP URL address.
Configuration ImpactIf the certificate does not contain CDP information and no CDP URL address is manually configured, the device requests the CRL from the CA server using SCEP.
A command cannot include a question mark (?), Keyword esc only supports the URLs that include the question mark (?) in the ASCII code. The URL must be in \x3f format, and 3f is the hexadecimal ASCII code for the question mark (?). For example, if a user wants to enter http://abc.com?page1, the URL is http://abc.com\x3fpage1. If a user wants to enter http://www.abc.com?page1\x3f that includes both a question mark (?) and \x3f, the URL is http://www.abc.com\x3fpage1\\x3f.
# Set the CDP URL to http://10.1.1.1/certenroll/ca_root.crl.
<sysname> system-view [sysname] pki realm d1 [sysname-pki-realm-d1] crl scep [sysname-pki-realm-d1] cdp-url http://10.1.1.1/certenroll/ca_root.crl
# Set the CDP URL to http://www.abc.com/certenroll/ca_root.crl.
<sysname> system-view [sysname] pki realm d1 [sysname-pki-realm-d1] crl scep [sysname-pki-realm-d1] cdp-url http://www.abc.com/certenroll/ca_root.crl