Ocsp Url - Cisco MDS 9124 - Fabric Switch Reference

ocsp url

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
ocsp url
To configure the HTTP URL of the Online Certificate Status Protocol (OCSP) for the trust point CA, use
the ocsp url command in trust point configuration submode. To discard the OCSP configuration, use the
no form of the command.
Syntax Description url
Defaults None.
Command Modes
Trust point configuration submode.
Command History Release
3.0(1)
Usage Guidelines The MDS switch uses the OCSP protocol to check the revocation status of a peer certificate (presented
to it during the security or authentication exchange for IKE or SSH, for example), only if the revocation
checking methods configured for the trust point include OCSP as one of the methods. OCSP checks the
certificate revocation status against the latest CRL on the CA using the online protocol, thereby
generating network traffic and also requiring that the OCSP service of the CA be available online in the
network.
On the other hand, if revocation checking is performed by the cached CRL at the MDS switch, no
network traffic is generated. The cached CRL doesn't contain the latest revocation information.
You must authenticate the CA for the trust point before configuring the OCSP URL for it.
Examples
The following example shows how to specify the URL for OCSP to use to check for revoked certificates.
switch# config terminal
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# ocsp url http://admin-ca.cisco.com/ocsp
The following example shows how to remove the URL for OCSP.
switch(config-trustpoint)# no ocsp url http://admin-ca.cisco.com/ocsp
Cisco MDS 9000 Family Command Reference
17-22
ocsp url url
no ocsp url url
Specifies the OCSP URL. The maximum size is 512 characters.
Modification
This command was introduced.
Chapter 17 O Commands
OL-16217-01, Cisco MDS SAN-OS Release 3.x