Last Modified: Oct 06, 2020
Opened: Apr 30, 2015
The tmsh command "tmsh run sys crypto check-cert" checks the validity of all certificates and certificate bundles. However, it also reports the expiration of certificates inside a bundle, even though those certificates may be unused. A new option called "ignore-large-cert-bundles" is being added to the command to indicate whether to ignore large certificate bundles (containing more than 20 certificates) during the check.
With this change, "tmsh run sys crypto check-cert ignore-large-cert-bundles enabled" ignores large certificate bundles (those containing more than 20 certificates). "tmsh run sys crypto check-cert ignore-large-cert-bundles disabled" does not ignore anything, i.e., it checks all the certificates and bundles. The default value for ignore-large-cert-bundles is disabled. Therefore, the existing command "tmsh run sys crypto check-cert" keeps its existing behavior, i.e., it still checks all certificates and bundles.
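With the option enabled, expirations inside large bundles are no longer reported, so it helps to know which files fall out of the check. The following is an added example, not F5 code: it lists which PEM files would be skipped under the rule above. It assumes bundle size is the count of PEM certificate blocks; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not F5 code. Threshold from the page: a bundle with more
# than 20 certificates is "large". Counting PEM blocks is an assumption.
LARGE_BUNDLE_THRESHOLD=20

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# classify FILE [MODE]: print "skipped" or "checked".
# MODE mirrors the option value (enabled|disabled); default is disabled.
classify() {
    n=$(count_certs "$1")
    if [ "${2:-disabled}" = "enabled" ] &&
       [ "${n:-0}" -gt "$LARGE_BUNDLE_THRESHOLD" ]; then
        echo skipped
    else
        echo checked
    fi
}

# report DIR MODE: one line per file so skipped bundles can be tracked elsewhere.
report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s certs\t%s\n' \
            "$(classify "$f" "$2")" "$(count_certs "$f")" "${f##*/}"
    done
}

# make_bundle FILE N: write N constructed placeholder PEM blocks (not real certs).
make_bundle() {
    : > "$1"
    i=0
    while [ "$i" -lt "$2" ]; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' >> "$1"
        i=$((i + 1))
    done
}

# Constructed sample: single cert, bundle at the threshold, bundle above it.
demo_dir=$(mktemp -d)
make_bundle "$demo_dir/server.crt" 1
make_bundle "$demo_dir/chain-20.crt" 20
make_bundle "$demo_dir/ca-bundle-21.crt" 21
report "$demo_dir" enabled
rm -rf "$demo_dir"
```

A bundle with exactly 20 certificates is still checked; only bundles with 21 or more are skipped when the option is enabled.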