Administrator Guide
When you use this command, the device maps the current certificate context in the certificate store to a CA
certificate through the subject key identifier field. The subject key identifier field contains the SHA-1 hash of the
CA’s public key. This configuration provides a way to uniquely identify a CA and associate it with any CA-specific
settings.
This context is used to store certificate-specific settings such as alternate CRL and OCSP locations. Incoming
X.509 certificates whose AuthorityKeyIdentifierextensions match the configured subject key identifier
has these settings applied to them.
The crypto x509 ca-keyid command when used with the ocsp-server command in the global
configuration mode creates a per-certificate configuration context under which the remaining commands are
entered.
Related
Commands
• ocsp-server
• crypto x509 ocsp
ocsp-server
Configures OCSP server on a CA.
Syntax
ocsp-server url [nonce] [sign-requests]
Parameters
url
Enter the URL for the OCSP responder using standard URI format. Either http or https
protocol can be used. For example, http://[1100::101]:8888.
nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP
responder communication. This number is a one-time value that must be returned in the
OCSP response. If the OCSP responder is using precomputed responses, then it does not
reply with the nonce. The nonce feature is off by default. The no version of the command
disables the nonce feature.
sign-requests Enter the keyword sign-requests to sign the OCSP requests to OCSP responder
communication with the system’s own certificate so that the OCSP responder may verify
the requestor. The sign-requests feature is off by default. The no version of the command
disables signing of requests.
Defaults None.
Command Modes CERTIFICATE
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command:
Version Description
9.11.0.0 Introduced this command.
Usage Information The following RBAC roles are allowed to issue this command:
• sysadmin
• secadmin
Multiple OCSP responders may be configured per CA. The system tries each one until it gets a valid response. No
priority may be specified or guaranteed; the system tries them in the order in which they were configured.
Related
Commands
• crypto x509 ocsp
ocsp-server prefer
Configures OCSP responder preference. You can configure the preference or order that the CA or a device should follow while contacting
multiple OCSP responders.
Syntax
ocsp-server prefer
X.509v3 1735