Users Guide
crypto x509 ocsp
Congures the OCSP behavior.
Syntax
crypto x509 ocsp [nonce] [sign-requests]
Parameters
nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP
responder communication. This is a one-time value that must be returned in the OCSP
response. If the OCSP responder is using precomputed responses, then it does not reply
with the nonce. The nonce feature is o by default. The no version of the command
disables the nonce feature.
sign-requests Enter the keyword sign-requests to sign the OCSP requests to OCSP responder
communication with the system’s own certicate so that the OCSP responder may verify
the requestor. The sign-requests feature is o by default. The no version of the command
disables signing of requests.
Defaults NA.
Command Modes CONFIGURATION
Command History
This guide is platform-specic. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command:
Version Description
9.11.0.0 Introduced the command.
Usage Information
The following RBAC roles are allowed to issue this command:
• sysadmin
• secadmin
Related Commands
• crypto ca-cert install
• crypto cert generate
• crypto cert install
crypto x509 revocation
Congure the revocation check behavior for the certicate.
Syntax
crypto x509 revocation ocsp {accept | reject}
Parameters
ocsp Enter the method used to check certicate revocation details. In this release, OCSP is the
only option that is supported. So, you can specify OCSP as the method-list value.
accept Enter the keyword accept to accept the presented certicate and log in if OCSP
retrieval fails.
X.509v3 1709