Administrator Guide
ocsp-server
Congures OCSP server on a CA.
Syntax
ocsp-server url [nonce] [sign-requests]
Parameters
url Enter the URL for the OCSP responder using standard URI format. Either http or https
protocol can be used. For example, http://[1100::101]:8888.
nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP
responder communication. This number is a one-time value that must be returned in the
OCSP response. If the OCSP responder is using precomputed responses, then it does not
reply with the nonce. The nonce feature is o by default. The no version of the command
disables the nonce feature.
sign-requests Enter the keyword sign-requests to sign the OCSP requests to OCSP responder
communication with the system’s own certicate so that the OCSP responder may verify
the requestor. The sign-requests feature is o by default. The no version of the command
disables signing of requests.
Defaults None.
Command Modes CERTIFICATE
Command History
This guide is platform-specic. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command:
Version Description
9.11.0.0 Introduced this command.
Usage Information The following RBAC roles are allowed to issue this command:
• sysadmin
• secadmin
Multiple OCSP responders may be congured per CA. The system tries each one until it gets a valid response. No
priority may be specied or guaranteed; the system tries them in the order in which they were congured.
Related Commands
• crypto x509 ocsp
ocsp-server prefer
Congures OCSP responder preference. You can congure the preference or order that the CA or a device should follow while contacting
multiple OCSP responders.
Syntax
ocsp-server prefer
Defaults None.
Command Modes CERTIFICATE
1718 X.509v3