Revocation-Check - Cisco Nexus 7000 Series Command Reference Manual

R Commands

revocation-check

To configure trustpoint revocation check methods, use the revocation-check command. To discard the
revocation check configuration, use the no form of this command.
revocation-check {crl [none]| none}
no revocation-check {crl [none]| none}
Syntax Description
crl
none
Command Default
By default, the revocation checking method for a trustpoint is CRL.
Command Modes
Trustpoint configuration
Command History
Release
4.1(2)
Usage Guidelines
A revocation check can perform one or more of the methods which you specify as an ordered list. During
peer certificate verification, each method is tried in the specified order until one method succeeds by providing
the revocation status. When you specify none as the method, it means that there is no need to check the
revocation status, and the peer certificate is not revoked. If none is the first method that you specify in the
method list, you cannot specify subsequent methods because checking is not required.
This command does not require a license.
Examples This example shows how to check for revoked certificates in the locally stored CRL:
switch(config-trustpoint)# revocation-check crl
This example shows how to do no checking for revoked certificates:
switch(config-trustpoint)# revocation-check none
Related Commands
Command
crypto ca crl-request
Specifies the locally stored certificate revocation list
(CRL) as the place to check for revoked certificates.
(Optional) Specifies that no checking is performed
for revoked certificates.
Modification
This command was introduced.
Description
Configures a CRL or overwrites the existing one for
the trustpoint CA.
Cisco Nexus 7000 Series Security Command Reference
revocation-check
623