Related Commands - Dell PowerConnect W-7200 Series Reference Manual

Parameter
<certname>
<filename>
TrustedCA
<certname>
<filename>
global-ocsp-signer-cert
rcp <name>
service-ocsp-responder
Usage Guidelines
This command lets you configure the controller to perform real-time certificate revocation checks using the Online
Certificate Status Protocol (OCSP) or traditional certificate validation using the Certificate Revocation List (CRL)
client. Refer to the Certificate Revocation chapter in the Dell PowerConnect W-Series ArubaOS 6.2 User Guide for
more information on how to configure this feature using both the WebUI and CLI.
Example
This example configures the controller as an OCSP responder.
The revocation check point is specified as CAroot. (The revocation check point CAroot was automatically created
when the CAroot certificate was previously uploaded to this controller.) The OCSP signer certificate is RootCA-
Ocsp_signer. The CRL file is Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl The OCSP responder is enabled.
crypto-local pki service-ocsp-responder
crypto-local pki rcp CARoot
ocsp-signer-cert RootCA-Ocsp_signer
crl-location file Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl
enable-ocsp-responder

Related Commands

Command
crypto-local pki rcp
show crypto-local pki
Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
Description
Name of the signer certificate.
Original imported filename of the signer certificate.
Trusted CA certificate. This can be either a root CA or intermediate CA. Dell encourages
(but does not require) an intermediate CA's signing CA to be the controller itself.
Name of the signer certificate.
Original imported filename of the signer certificate.
Specifies the global OCSP signer certificate to use when signing OCSP responses if
there is no check point specific OSCP signer certificate present. If the ocsp-signer-cert
is not specified, OCSP responses are signed using the global OCSP signer certificate. If
this is not present, than an error message is sent out to clients.
NOTE: The OCSP signer certificate (if configured) takes precedence over the global
OCSP signer certificate as this is check point specific.
Specifies the revocation check point. A revocation checkpoint is automatically created
when a TrustedCA or IntermediateCA certificate is imported on the controller.
This is a global knob that turns the OCSP responder on or off. The default is off
(disabled). To enable this option a CRL must be configured for this revocation checkpoint
as this is the source of revocation information in the OCSP responses.
Description
Specifies the certificates that are used to sign OCSP
responses for this revocation check point
This command shows local certificate, OCSP signer or
responder certificate and CRL data and statistics.
Mode
Config mode
Config mode
crypto-local pki | 231