OSCP
OCSP, or Online Certificate Status Protocol, is a protocol to validate whether certificates have been revoked.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy80MTcwMy81NDk1Mi9ja2ZpbmRlci9pbWFnZXMvcXUvMjAyNS9pbWFnZSgxOTEpLnBuZyIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTc2NzIwNTYxNX19fV19&Signature=mqd4curYFnx4vdwCBQ-fzfXIwMfbT493V4kWi~rqsLyLEKdvmCsO3CB2EMEVqwhMvNuJ~9NjNTWhP1How-glKSfeCQV3WuNZTuULXZZiGqklkXJVEd7u3-FNecaakjN98JN9QBIvmEAeLn~f8ggyzDXJ5orXG0I1Jjxw0i3FEn1TwY05627wnxxzJx6Gcpwf~z08jHUYEi7ymmjUXfV-fKVZJ9sXtQOp35Lmc91gZrqTbe20fPMRFO-xTejo0slqM1IWf2j8MxU6i6miaFoa4XbgYkETWKPNCpDirFOezlrRlFYFFk3pQwoFsJYaKwHIonf~E453wvF6WsTK-QBFhw__&Key-Pair-Id=K2TK3EG287XSFC)
System AAA OSCP Attributes
| Attribute |
Values |
Default |
Req |
Description |
| Ocsp-server-address |
IP address |
N/A |
Y |
The IP address of the server to use for validating certificates. |
| Ocsp-polling-freq |
Int32 |
300 |
Y |
The frequency for polling the OCSP server in seconds. |
| Use-ocsp-server-address |
true | false
|
true |
Y |
Whether to use the server address given in this configuration. If set to false, it will look for an address within the certificate.
|
| Enable-ocsp |
true | false |
false |
Y |
Whether to enable the OCSP server checks of certificates. |
Note 1: * = required parameter
- Command Path – tolt>system >aaa>oscp>
- Module – tolt
- Container – system
- Container – aaa
- Container – oscp
- Action – config
- Types – Input Parameters
- *Ocsp-server-address – The IP address of the server to use for validating certificates.
- *Ocsp-polling-freq – The IP address of the server to use for validating certificates.
- *Use ocsp-server-address – Whether to use the server address given in this configuration. If set to false, it will look for an address within the certificate.
- True | false (Default true (enabled))
- *Enable-ocsp – Whether to enable the OCSP server checks of certificates.
- True | false (Default false).
AAA Config OSCP Example
-
Command Path – tolt>system>aaa>oscp>
- Module – tolt
- Container – system
- Container – oscp
- Action – config
- Types – Example Parameters
- enable-ocsp – enabled
- ocsp-server-address – 192.168.1.100
- ocsp-polling-freq – 300
- use ocsp-server-address – true
- From the MDS1-ESUA<Config># command line, input tolt system aaa oscp enable-ocsp enabled ocsp-polling-freq 300 ocsp-server-address 192.168.1.100 use ocsp-server-address true, and press Enter.
- From the MDS1-ESUA<Config># command line, input commit, and press Enter.
- Outputs similar to the following are displayed:
MDS1-ESUA<Config># tolt system aaa oscp enable-ocsp enabled
ocsp-polling-freq 300 ocsp-server-address 192.168.1.100 use ocsp-server-address true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
|