Importing a CRL
Importing the MEF Center CRL
MEF Edge allows you to import the MEF Center CRL to verify the validity of the MEF Center service certificate.
- Log in to the MEF Edge device environment as the root user.
- Run the following command to switch to the directory where run.sh is located:
cd Installation_directory/MEFEdge/software/
- After authenticating the interconnection and configuring the NMS, run the following command to import the MEF Center CRL to MEF Edge. The CRL must be in PEM format and within the validity period.
./run.sh importcrl -crl_path=Path_of_the_CRL_file -peer=mef_center
If the following information is displayed, the MEF Center CRL is successfully imported:
Execute [importcrl] command success!
After the NMS is reconfigured, MEF Edge clears the imported MEF Center CRL.
Table 1 importcrl description

| Parameter | Mandatory/Optional | Description |
|---|---|---|
| crl_path | Mandatory | The path does not support soft links and must be an absolute path. The path length must be less than 4096 characters, the number of directory levels must be less than 99, and users in the same group and other users do not have the write permission. The owner must be root. The owner of the file specified by crl_path must be root. Users in the same group and other users do not have the write permission on the file, and the file size cannot exceed 1 MB. |
| peer | Mandatory | Only mef_center is supported. |
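The crl_path constraints in Table 1 and the PEM and validity-period requirement can be checked before running importcrl. The shell functions below are an added example, not part of MEF Edge or its run.sh; the function names and the CRL_OWNER_UID variable are hypothetical, and the comments state how ambiguous constraints were interpreted.

```shell
#!/bin/sh
# Added example: pre-flight checks for the documented crl_path constraints.
# Function names and CRL_OWNER_UID are hypothetical, not part of MEF Edge.
CRL_OWNER_UID="${CRL_OWNER_UID:-0}"   # the page requires root (uid 0)

# True if $1 is owned by CRL_OWNER_UID and not writable by group or others.
owner_mode_ok() {
    ls -ldn "$1" 2>/dev/null | awk -v uid="$CRL_OWNER_UID" '
        NR == 1 { ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }
        END { exit !ok }'
}

# True if no component of the absolute path $1 is a symbolic link.
no_symlinks() {
    p=$1
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        [ -L "$p" ] && return 1
        p=$(dirname "$p")
    done
    return 0
}

# Filesystem checks from Table 1. Assumptions: "directory levels" counts "/"
# separators, 1 MB means 1048576 bytes, and the path's owner/permission rule
# is applied to the directory that holds the file.
crl_path_ok() {
    case $1 in /*) ;; *) return 1 ;; esac              # absolute path only
    [ "${#1}" -lt 4096 ] || return 1                    # path length
    levels=$(( $(printf '%s' "$1" | tr -cd '/' | wc -c) ))
    [ "$levels" -lt 99 ] || return 1                    # directory depth
    [ -f "$1" ] && no_symlinks "$1" || return 1         # regular file, no soft links
    owner_mode_ok "$1" && owner_mode_ok "$(dirname "$1")" || return 1
    size=$(( $(wc -c < "$1") ))
    [ "$size" -le 1048576 ]                             # size limit
}

# True if $1 parses as a PEM CRL and now lies within [lastUpdate, nextUpdate].
# Uses GNU date -d to parse the timestamps printed by openssl.
crl_pem_valid() {
    last=$(openssl crl -in "$1" -inform PEM -noout -lastupdate 2>/dev/null) || return 1
    next=$(openssl crl -in "$1" -inform PEM -noout -nextupdate 2>/dev/null) || return 1
    now=$(date -u +%s)
    [ "$(date -u -d "${last#*=}" +%s 2>/dev/null || echo "$((now + 1))")" -le "$now" ] &&
    [ "$(date -u -d "${next#*=}" +%s 2>/dev/null || echo 0)" -ge "$now" ]
}

# Stand-alone use: sh crl_preflight.sh /absolute/path/to/file.crl
if [ "$#" -eq 1 ]; then
    crl_path_ok "$1" && crl_pem_valid "$1" && echo "CRL pre-flight checks passed"
fi
```

A file that fails crl_path_ok should be fixed (ownership, mode, location) before it is handed to importcrl, rather than relaxing the check.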
Importing the CRL of a Third-Party Management Platform
MEF Center can import the CRL chain corresponding to the root certificate chain of the integrated platform that interconnects with MEF Center. The CRL chain is used to revoke RESTful request access for an integrated platform service certificate that has been revoked.
- Method 1: Call Importing a CRL to import the CRL of a third-party management platform.
- Method 2: Import the CRL of a third-party management platform using commands. The following describes the procedure.
- Log in to the MEF Center device environment as the root user.
- Go to the path where run.sh is stored. The default installation directory is /usr/local.
cd Installation_path/MEF-Center/mef-center
- Import the CRL to MEF Center after interconnecting with the user management platform. The CRL must be in PEM format and must be within the validity period. The CRL must have the same number of levels as the integrated platform's root certificate chain. In addition, the CRL must contain the revocation list signed by each level of the root certificate in the root certificate chain. If you run this command repeatedly, the imported CRL will be updated. After the CRL is imported, you need to manually restart MEF Center for the CRL to take effect.
./run.sh importcrl -crl_path=Path_of_the_CRL_file -peer=north
If the following information is displayed, the CRL of the third-party management platform is successfully imported:
import crl successful
After the certificate of the third-party management platform is imported again, MEF Center clears the previously imported CRL.
Table 2 importcrl description

| Parameter | Mandatory/Optional | Description |
|---|---|---|
| crl_path | Mandatory | Path of the imported CRL file, which must be an absolute path and cannot contain soft links. The path length must be less than 4096 characters and the size cannot exceed 1 MB. |
| peer | Mandatory | Usage of the imported CRL. The value can only be north, indicating that the CRL of the integrated platform is imported. |