Filter
Top Products
Figure 67: View certificate details
8. Select the Revocation Checkpoint tab.
9. In the Revocation Checkpoint pane, click Edit next to the revocation checkpoint that you want to configure.
The Revocation Checkpoint pane displays.
10. In the Revocation Check field, select ocsp from the Method 1 drop-down list as the primary check method.
11. In the OCSP URL field, enter the URL of the OCSP responder.
12. In the OCSP Responder Cert field, select the OCSP certificate you want to configure from the drop-down
menu.
13. Click Apply.
In the CLI
This example configures an OCSP client with the revocation check method as OCSP for revocation check point
CAroot.
The OCSP responder certificate is configured as RootCA-Ocsp_responder. The corresponding OCSP responder
service is available at http://10.4.46.202/ocsp. The check method is OCSP for revocation check point CARoot.
(host) (config) #crypto-local pki rcp CARoot
(host) (RCP-CARoot) #ocsp-responder-cert RootCA-Ocsp_responder
(host) (RCP-CARoot) #ocsp-url http://10.4.46.202/ocsp
(host) (RCP-CARoot) #revocation-check ocsp
The show crypto-local pki OCSPResponderCert CLI command lists the contents of the OCSP Responder
Certificate store.
The show crypto-local pki revocation checkpoint rcp_name CLI command shows the entire configuration
for a given revocation checkpoint.
Configuring the Controller as a CRL Client
CRL is the traditional method of checking certificate validity. When you want to check certificate validity using a
CRL, you need to import the CRL. CRLs can only be imported using the WebUI.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide Certificate Revocation | 230