Release Notes

Parameter Description
<certname>
Name of the signer certificate.
<filename>
Original imported filename of the signer certificate.
TrustedCA
Trusted CA certificate. This can be either a root CA or intermediate CA. Dell
encourages (but does not require) an intermediate CA’s signing CA to be the
controller itself.
<certname>
Name of the signer certificate.
<filename>
Original imported filename of the signer certificate.
global-ocsp-signer-cert
Specifies the global OCSP signer certificate to use when signing OCSP
responses if there is no check point specific OCSP signer certificate present.
If the ocsp-signer-cert is not specified, OCSP responses are signed using the
global OCSP signer certificate. If this is not present, then an error message is
sent out to clients.
NOTE: The OCSP signer certificate (if configured) takes precedence over the
global OCSP signer certificate as this is check point specific.
rcp <name>
Specifies the revocation check point. A revocation checkpoint is automatically
created when a TrustedCA or IntermediateCA certificate is imported on the
controller.
service-ocsp-responder
This is a global knob that turns the OCSP responder on or off. The default is
off (disabled). To enable this option a CRL must be configured for this
revocation checkpoint as this is the source of revocation information in the
OCSP responses.
Usage Guidelines
This command lets you configure the controller to perform real-time certificate revocation checks using the
Online Certificate Status Protocol (OCSP) or traditional certificate validation using the Certificate Revocation
List (CRL) client. Refer to the Certificate Revocation chapter in the Dell Networking W-Series ArubaOS 6.4.x User
Guide for more information on how to configure this feature using both the WebUI and CLI.
Example
This example configures the controller as an OCSP responder.
The revocation check point is specified as CAroot. (The revocation check point CAroot was automatically
created when the CAroot certificate was previously uploaded to this controller.) The OCSP signer certificate is
RootCA-Ocsp_signer. The CRL file is Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl. The OCSP responder is
enabled.
crypto-local pki service-ocsp-responder
crypto-local pki rcp CARoot
ocsp-signer-cert RootCA-Ocsp_signer
crl-location file Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl
enable-ocsp-responder
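The rules in the parameter descriptions can be checked against a saved configuration before it is applied. The following is an added example, not code from the Dell guide: it resolves which signer certificate each responder-enabled revocation check point would use and flags a missing CRL, a missing signer, or a disabled global knob. It assumes the global signer is set with `crypto-local pki global-ocsp-signer-cert <certname>`; the `ExampleSubCA` check point is constructed sample input.

```python
# Added example: lint a "crypto-local pki" configuration against the rules above.
# Assumption: rcp sub-commands follow their "crypto-local pki rcp <name>" line, prompts stripped.
PREFIX = "crypto-local pki "
# First five lines are the guide's example; ExampleSubCA is constructed.
SAMPLE = """\
crypto-local pki service-ocsp-responder
crypto-local pki rcp CARoot
ocsp-signer-cert RootCA-Ocsp_signer
crl-location file Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl
enable-ocsp-responder
crypto-local pki rcp ExampleSubCA
enable-ocsp-responder
"""

def audit(config_text):
    """Return ({rcp: effective signer}, [findings]) for responder-enabled rcps."""
    responder_on, global_signer = False, None   # global knob defaults to off
    rcps, current = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        words = line.split()
        if not words:
            continue
        if line.startswith(PREFIX):
            words, current = words[2:], None     # a new top-level command ends the rcp block
            if words == ["service-ocsp-responder"]:
                responder_on = True
            elif len(words) == 2 and words[0] == "global-ocsp-signer-cert":
                global_signer = words[1]
            elif len(words) == 2 and words[0] == "rcp":
                current = rcps.setdefault(words[1], {"signer": None, "crl": None, "on": False})
        elif current is not None:
            if len(words) == 2 and words[0] == "ocsp-signer-cert":
                current["signer"] = words[1]
            elif len(words) == 3 and words[:2] == ["crl-location", "file"]:
                current["crl"] = words[2]
            elif words == ["enable-ocsp-responder"]:
                current["on"] = True
    signers, findings = {}, []
    for name, rcp in rcps.items():
        if not rcp["on"]:
            continue
        signers[name] = rcp["signer"] or global_signer   # check point signer wins over global
        if not responder_on:
            findings.append(f"{name}: service-ocsp-responder is off")
        if rcp["crl"] is None:
            findings.append(f"{name}: no CRL configured")
        if signers[name] is None:
            findings.append(f"{name}: no signer certificate, clients get an error")
    return signers, findings
```

Calling `audit(SAMPLE)` passes `CARoot` cleanly and reports `ExampleSubCA` for having neither a CRL nor any signer certificate.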
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide crypto-local pki | 298