Alcatel-Lucent 7450 System Management Manual page 156

Ethernet service switch
Public Key Infrastructure (PKI) Commands
same-recipnonce-for-pollreq
Syntax
[no] same-recipnonce-for-pollreq
Context
config>system>security>pki>ca-profile>cmp2
Description
This command enables the system to use the same recipNonce as the last CMPv2 response for the poll
request.
Default
none
crl-file
Syntax
crl-file filename
no crl-file
Context
config>system>security>pki>ca-profile
Description
This command specifies the name of a file in cf3:\system-pki\crl as the Certificate Revocation List (CRL) file
of the ca-profile.
The no form of the command removes the filename from the configuration.
Default
none
Parameters
filename — Specifies the name of the CRL file stored in cf3:\system-pki\crl.
ocsp
Syntax
ocsp
Context
config>system>security>pki>ca-profile
Description
This command enables the context to configure OCSP parameters.
Notes (crl-file):
• The system will perform the following checks against the configured crl-file when a no shutdown command is issued:
  → A valid cert-file of the ca-profile must already be configured.
  → The configured crl-file must be a DER formatted CRLv2 file.
  → All non-optional fields defined in section 5.1 of RFC5280 must exist and conform to the RFC5280 defined format.
  → Check the version field to see if its value is 0x1.
  → Delta CRL Indicator must NOT exist (delta CRL is not supported).
  → The CRL's signature must be verified by using the cert-file of the ca-profile.
  If any of the above checks fail, the no shutdown command will fail.
• Changing or removing the crl-file is only allowed when the ca-profile is in a shutdown state.
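
A minimal off-box pre-check for a CRL file before it is copied to cf3:\system-pki\crl, covering three of the checks listed above: DER encoding, version field 0x1, and absence of the Delta CRL Indicator. This is an added example, not code from the manual or the router; it does not verify the signature or full RFC5280 conformance, and the names `check_crl`, `sample_crl` and the sample CRL bytes are constructed for illustration.

```python
DELTA_CRL_INDICATOR = b"\x55\x1d\x1b"  # OID 2.5.29.27 (RFC 5280, section 5.2.4)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def check_crl(der):
    """Return a list of problems; an empty list means the structural checks pass."""
    problems = []
    try:
        tag, body, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return ["not a single DER SEQUENCE (PEM input or trailing data?)"]
        tbs = children(children(body)[0][1])  # fields of tbsCertList
        if tbs[0] != (0x02, b"\x01"):  # version INTEGER must be 1 (CRLv2)
            problems.append("version field is not 0x1")
        exts = [v for t, v in tbs if t == 0xA0]  # crlExtensions is [0] EXPLICIT
        for _, ext in (children(children(exts[0])[0][1]) if exts else []):
            if children(ext)[0] == (0x06, DELTA_CRL_INDICATOR):
                problems.append("Delta CRL Indicator present")
    except (IndexError, ValueError) as exc:
        return [f"malformed DER: {exc}"]
    return problems

def tlv(tag, *parts):  # short-form encoder, used only to build the constructed sample
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_crl(version=b"\x01", delta=False):
    """Constructed CRL skeleton with dummy signature bits (not a real CRL)."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, b"Constructed CA"))))
    exts = [tlv(0x30, tlv(0x06, b"\x55\x1d\x14"), tlv(0x04, tlv(0x02, b"\x01")))]  # cRLNumber
    if delta:
        exts.append(tlv(0x30, tlv(0x06, DELTA_CRL_INDICATOR), tlv(0x01, b"\xff"), tlv(0x04, tlv(0x02, b"\x00"))))
    tbs = tlv(0x30, tlv(0x02, version), alg, issuer, tlv(0x17, b"250101000000Z"), tlv(0xA0, tlv(0x30, *exts)))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00" * 9))
```

To check a real file, pass its raw bytes to `check_crl`; a PEM-encoded CRL is reported as not DER and must be converted first.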
7450 ESS System Management Guide