Table of Contents
Advertisement
Chapter 12. Crypto Certificate Monitor configuration mode
This chapter provides an alphabetic listing of commands that are available in
Crypto Certificate Monitor configuration mode. To enter this configuration mode,
use the crypto cert-monitor command.
All of the commands that are listed in "Common commands" on page 2 and most,
but not all, of the commands that are listed in Chapter 114, "Monitoring
commands," on page 949 are also available in Crypto Certificate Monitor
configuration mode.
disable-expired-certs
Specifies system usage of an expired certificate.
Syntax
disable-expired-certs {on | off}
Parameters
on
off
Examples
v Specifies that all objects that use or reference a certificate are disabled on
v Restores the default state. Objects that use or refer to a certificate are not
© Copyright IBM Corp. 1999, 2008
Specifies that on certificate expiration all objects that use the expired
certificate (either directly or through inheritance) are disabled and are no
longer in service. For example, certificate expiration triggers the disable of
the associated crypto certificate object. Disable of the crypto certificate
object triggers disable of all Firewall Credential Lists, Identification
Credential Sets, and Validation Credential Lists that use the expired
certificate. In turn crypto profiles that use disabled Identification Credential
Sets and Validation Credential Lists are disabled, leading to the disable of
SSL Proxy Profiles dependent on now-disabled crypto profiles. Ultimately
XML Firewalls, XSL Proxies, and XML managers may be disabled as the
result of certificate expiration.
(Default) Specifies that the certificate object and objects using the expired
certificate are not disabled upon certificate expiration.
certificate expiration.
# disable-expired-certs on
#
disabled on certificate expiration.
# disable-expired-certs off
#
or
# no disable-expired-certs
#
243
Advertisement
Table of Contents
