Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series Controller AOS
341342343344345346347348349350
crypto-local pki rcp
crypto-local pki rcp
<name> [crl-location <file>]|[enable-ocsp-responder]|[ocsp-responder-cert <ocsp-responder-
cert>]|[ocsp-signer-cert <ocsp-signer-cert>]|
[ocsp-url <ocsp-url>]|[revocation-check [None|<method1>|<method2>]]
Description
Use this command to specify the certificates used to sign OCSP for the revocation check point.
Syntax
Parameter Description
rcp
Specifies the revocation check point. A revocation
checkpoint is automatically created when a
TrustedCA or IntermediateCA certificate is
imported on the controller.
crl-location <file>
Location of the CRL that is used for the rcp. The
specified CRL filename must be previously
imported onto the controller before using this
option.
enable-ocsp-responder
Enables the OCSP Responder for this revocation
checkpoint. The default is disabled.
ocsp-responder-cert <ocsp-responder-cert>
Specifies the certificate that is used to verify
OCSP responses. The certificate name has to be
one of the certificates shown as output when the
CLI command
show crypto-local pki ocsprespondercert
is used.
ocsp-signer-cert <ocsp-signer-cert>
Specifies the certificate that is used to sign OCSP
responses for this revocation check point. The
OCSP signer certificate must be previously
imported on to the controller (using the WebUI).
The OCSP signer cert can be the same trusted CA
as the check point, a designated OCSP signer
certificate issued by the same CA as the check
point or some other local trusted authority.
If the ocsp-signer-cert is not specified, OCSP
responses are signed using the global OCSP
signer certificate. If that is not present, than an
error message is sent out to clients.
NOTE: The OCSP signer certificate (if configured)
takes precedence over the global OCSP signer
certificate as this is check point specific.
ocsp-url <ocsp-url>
Configures the OCSP Server URL. The URL has to
be in the form of
http://my.responder.com/path. This parameter
can contain only one responder URL at time.
Dell Networking W-Series ArubaOS 6.4.x | User Guide crypto-local pki rcp | 350