CLI Guide

NOTE: To get the subject key identifier details, enter the show crypto ca-cert command. This command
displays the CA certificate details.
Defaults None.
Command Modes CONFIGURATION Mode
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell
EMC Networking OS Command Line Reference Guide.
The following is a list of the Dell EMC Networking OS version history for this command:
Version Description
9.11.0.0 Introduced this command.
Usage Information
The following RBAC roles are allowed to issue this command:
sysadmin
secadmin
When you use this command, the device maps the current certificate context in the certificate store to a
CA certificate through the subject key identifier field. The subject key identifier field contains the SHA-1
hash of the CA's public key. This configuration provides a way to uniquely identify a CA and associate it
with any CA-specific settings.
This context is used to store certificate-specific settings such as alternate CRL and OCSP locations.
Incoming X.509 certificates whose AuthorityKeyIdentifier extensions match the configured
subject key identifier have these settings applied to them.
The crypto x509 ca-keyid command, when used with the ocsp-server command in the global
configuration mode, creates a per-certificate configuration context under which the remaining commands
are entered.
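The match described above, sketched in Python as an added example (not Dell EMC code and not how the device is implemented). It assumes the CA derives its subject key identifier with RFC 5280 method 1, SHA-1 over the subjectPublicKey bits, and uses a constructed Ed25519 key; ski_from_spki, settings_for and the CONTEXTS dictionary are hypothetical names.

```python
import hashlib

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ski_from_spki(spki_der):
    """SHA-1 over the subjectPublicKey bits (RFC 5280 section 4.2.1.2, method 1)."""
    tag, body, _ = _read_tlv(spki_der, 0)   # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    _, _, pos = _read_tlv(body, 0)          # skip AlgorithmIdentifier
    tag, bits, _ = _read_tlv(body, pos)     # subjectPublicKey BIT STRING
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    return hashlib.sha1(bits[1:]).digest()  # hash excludes tag, length, unused-bits byte

def settings_for(aki, contexts):
    """Per-CA settings whose key id equals the certificate's AKI, or None."""
    return contexts.get(aki) if aki else None

# Constructed sample: Ed25519 SubjectPublicKeyInfo wrapping a made-up 32-byte key.
RAW_KEY = bytes(range(32))
CA_SPKI = bytes.fromhex("302a300506032b6570032100") + RAW_KEY
CA_KEYID = ski_from_spki(CA_SPKI)

# Hypothetical stand-in for the per-CA context; the URL is the guide's own example.
CONTEXTS = {CA_KEYID: {"ocsp_url": "http://[1100::101]:8888", "nonce": True}}

if __name__ == "__main__":
    print("CA key id:", CA_KEYID.hex(":"))
    print("issued by this CA:", settings_for(CA_KEYID, CONTEXTS))
    print("issued by another CA:", settings_for(hashlib.sha1(b"other").digest(), CONTEXTS))
    print("no AKI extension:", settings_for(None, CONTEXTS))
```

A certificate with no AuthorityKeyIdentifier, or one issued under a different CA key, returns None here, so no CA-specific settings are selected for it.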
Related Commands
ocsp-server
crypto x509 ocsp
ocsp-server
Configures an OCSP server on a CA.
Syntax
ocsp-server url [nonce] [sign-requests]
Parameters
url Enter the URL for the OCSP responder using standard URI format. You can use either the http or
https protocol. For example, http://[1100::101]:8888.
nonce Enter the keyword nonce to use the nonce feature for OCSP requests sent to the OCSP
responder. The nonce is a one-time value that must be returned in the OCSP response. If the OCSP
responder is using precomputed responses, then it does not reply with the nonce. The nonce feature is
off by default. The no version of the command disables the nonce feature.
sign-requests Enter the keyword sign-requests to sign OCSP requests sent to the OCSP responder
with the system's own certificate so that the OCSP responder may verify the requestor. The
sign-requests feature is off by default. The no version of the command disables signing of requests.
Defaults None.
Command Modes CERTIFICATE
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell
EMC Networking OS Command Line Reference Guide.
The following is a list of the Dell EMC Networking OS version history for this command: