Users Guide
crypto x509 ocsp
Configures the OCSP behavior.
Syntax
crypto x509 ocsp [nonce] [sign-requests]
Parameters
nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP
responder communication. This is a one-time value that must be returned in the OCSP
response. If the OCSP responder is using precomputed responses, then it does not reply
with the nonce. The nonce feature is off by default. The no version of the command
disables the nonce feature.
sign-requests Enter the keyword sign-requests to sign the OCSP requests to OCSP responder
communication with the system’s own certificate so that the OCSP responder may verify
the requestor. The sign-requests feature is off by default. The no version of the
command disables signing of requests.
Defaults NA.
Command Modes CONFIGURATION
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command:
Version Description
9.11.0.0 Introduced the command.
Usage Information
The following RBAC roles are allowed to issue this command:
• sysadmin
• secadmin
Related Commands
• crypto ca-cert install
• crypto cert generate
• crypto cert install
crypto x509 revocation
Configure the revocation check behavior for the certificate.
Syntax
crypto x509 revocation ocsp {accept | reject}
Parameters
ocsp Enter the method used to check certificate revocation details. In this release, OCSP is
the only option that is supported. So, you can specify OCSP as the method-list value.
accept Enter the keyword accept to accept the presented certificate and log in if OCSP
retrieval fails.
X.509v3 1703