››

OLT CLI Setup

Manage and edit OCSP-based (PKI) certificate validation configuration. The PKI trustpoint is also known as an anchor certificate and defines the list of CAs or Certificate Authorities that the OLT will trust. The OLT will trust any connection where the offered certificate can be validated with one of the trust anchors that have been configured. The user must be a certified admin to manage the Trust Anchors.

Command Path - ne>security
Action -
- pki-ca-trustpoint - Public Key Infrastructure Certificate Authority trust point management
  - Online-Certificate-Status-Protocol - manage OCSP-based (PKI) certificate validation configuration
    - edit - edit OCSP configuration
      - admin= - enable/disable use of OCSP for certificate revocation checks
        
        enabled|disabled
      - conflict-preference= - preference which OCSP server when certificate's embedded URL and configured URL conflict
        
        configured-url|certificate-url
      - polling-frequency=- interval to poll for expired certificates
        
        (hours)
      - url= - server to use for certificate revocation checks
    - show - display ocsp configuration

To enable the OCSP on the OLT use the following steps.

From the ESUx> command line, input ne security pki-ca-trustpoint online-certificate-status-protocol edit admin=enabled polling-frequency=24 url=https://ocsp-server.tellabs.com/authenticate conflict-preference=certificate-url, and press Enter.

ESUx> ne security pki-ca-trustpoint online-certificate-status-protocol 
edit admin=enabled polling-frequency=24 url=https://ocsp-server.tellabs.com/authenticate 
conflict-preference=certificate-url <enter>  
Success. 
ESUx>_

To display the current OCSP Configuration, enter the following command:

From the ESUx command line, input ne security pki-ca-trustpoint show ocsp, and press Enter. Output similar to the following is displayed:

ESUx> ne security pki-ca-trustpoint show ocsp <enter> 

| OCSP Configuration                                                 |
|=================================================================== |
|=================================================================== |
| enabled             : enabled                                      |
| url                 : https://ocsp-server.tellabs.com/authenticate |
| polling-frequency   : 24                                           |
| conflict-preference : certificate-url                              |
|                                                                    | 
|=================================================================== |

ESUx> _

FEEDBACK: Are you happy with this material?

Thank you Your feedback helps us to continually improve our content.