Send documentation comments to mdsfeedback-doc@cisco.com
17-18
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 17 O Commands
ocsp url
ocsp url
To configure the HTTP URL of the Online Certificate Status Protocol (OCSP) for the trust point CA, use
the ocsp url command in trust point configuration submode. To discard the OCSP configuration, use the
no form of the command.
ocsp url url
no ocsp url url
Syntax Description
Defaults None.
Command Modes Trust point configuration submode.
Command History
Usage Guidelines The MDS switch uses the OCSP protocol to check the revocation status of a peer certificate (presented
to it during the security or authentication exchange for IKE or SSH, for example), only if the revocation
checking methods configured for the trust point include OCSP as one of the methods. OCSP checks the
certificate revocation status against the latest CRL on the CA using the online protocol, thereby
generating network traffic and also requiring that the OCSP service of the CA be available online in the
network.
On the other hand, if revocation checking is performed by the cached CRL at the MDS switch, no
network traffic is generated. The cached CRL doesn’t contain the latest revocation information.
You must authenticate the CA for the trust point before configuring the OCSP URL for it.
Examples The following example shows how to specify the URL for OCSP to use to check for revoked certificates.
switch# config terminal
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# ocsp url http://admin-ca.cisco.com/ocsp
The following example shows how to remove the URL for OCSP.
switch(config-trustpoint)# no ocsp url http://admin-ca.cisco.com/ocsp
url Specifies the OCSP URL. The maximum size is 512 characters.
Release Modification
3.0(1) This command was introduced.
To Next Page
Loading...
Need help?
General