Concept Guide

334| crypto-local pki Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
| Parameter | Description |
|---|---|
| <filename> | Original imported filename of the signer certificate. |
| ServerCert | Server certificate. This certificate must contain both a public and a private key (the public and private keys must match). You can import a server certificate in either PKCS12 or x509 PEM format; the certificate is stored in x509 PEM DES encrypted format on the controller. |
| <certname> | Name of the signer certificate. |
| <filename> | Original imported filename of the signer certificate. |
| TrustedCA | Trusted CA certificate. This can be either a root CA or intermediate CA. Dell encourages (but does not require) an intermediate CA’s signing CA to be the controller itself. |
| <certname> | Name of the signer certificate. |
| <filename> | Original imported filename of the signer certificate. |
| global-ocsp-signer-cert | Specifies the global OCSP signer certificate to use when signing OCSP responses if there is no check point specific OCSP signer certificate present. If the ocsp-signer-cert is not specified, OCSP responses are signed using the global OCSP signer certificate. If this is not present, then an error message is sent out to clients. NOTE: The OCSP signer certificate (if configured) takes precedence over the global OCSP signer certificate as this is check point specific. |
| rcp <name> | Specifies the revocation check point. A revocation checkpoint is automatically created when a TrustedCA or IntermediateCA certificate is imported on the controller. |
| service-ocsp-responder | This is a global knob that turns the OCSP responder on or off. The default is off (disabled). To enable this option a CRL must be configured for this revocation checkpoint as this is the source of revocation information in the OCSP responses. |
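The ServerCert requirement above (the public and private keys must match) can be checked on an administrative workstation before the certificate is imported. The following is an added example, not part of the reference guide: it uses the OpenSSL command-line tool and covers the PEM import path only. The function names, file names and the KEY_PASS variable are hypothetical, and the sample certificate and keys are constructed locally.

```shell
#!/bin/sh
# Added example: pre-import check that a PEM certificate and private key
# belong together. Names and paths are hypothetical.

# Returns 0 if the key matches the certificate, 1 if it does not,
# 2 if either file cannot be parsed (missing, corrupt, wrong passphrase).
cert_key_match() {
    cert=$1
    key=$2
    # SubjectPublicKeyInfo embedded in the certificate.
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key; -passin avoids an
    # interactive prompt (KEY_PASS is empty for unencrypted keys).
    k=$(openssl pkey -in "$key" -pubout \
            -passin "pass:${KEY_PASS:-}" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build constructed sample material in directory $1: a self-signed
# certificate with its key, plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$1/server.key" -out "$1/server.pem" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demonstration on the constructed files.
tmp=$(mktemp -d) && make_sample "$tmp"
cert_key_match "$tmp/server.pem" "$tmp/server.key" &&
    echo "server.key matches server.pem"
cert_key_match "$tmp/server.pem" "$tmp/other.key" ||
    echo "other.key rejected (rc=$?)"
rm -rf "$tmp"
```
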
Usage Guidelines
This command lets you configure the controller to perform real-time certificate revocation checks using the
Online Certificate Status Protocol (OCSP) or traditional certificate validation using the Certificate Revocation
List (CRL) client. Refer to the Certificate Revocation chapter in the Dell Networking W-Series ArubaOS 6.5.x User
Guide for more information on how to configure this feature using both the WebUI and CLI.
Example
This example configures the controller as an OCSP responder.
The revocation check point is specified as CAroot. (The revocation check point CAroot was automatically
created when the CAroot certificate was previously uploaded to this controller.) The OCSP signer certificate is
RootCA-Ocsp_signer. The CRL file is Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl, and the OCSP responder is
enabled.
crypto-local pki service-ocsp-responder