Dell 6.2 Server User Manual


 
The OCSP signer cert is used to sign OCSP responses for this revocation check point. The OCSP signer cert can
be the same trusted CA as the check point, a designated OCSP signer certificate issued by the same CA as the
check point or some other local trusted authority.
If you do not specify an OCSP signer cert, OCSP responses are signed using the global OCSP signer certificate. If
that is not present, then an error message is sent out to clients.
NOTE: The OCSP signer certificate takes precedence over the global OCSP signer certificate, because it is check point specific.
6. Click Upload. The certificate appears in the Certificate Lists pane. Select OCSP signer cert from the Group
drop-down list if you want to display only those certificates which are OCSP signer certificates.
7. For detailed information about an uploaded certificate, click View next to the certificate.
8. Select the Revocation Checkpoint tab.
9. Select Enable next to Enable OCSP Responder.
Enable OCSP Responder is a global knob that turns the OCSP responder service on or off on the controller. The
default is disabled (off). Enabling this knob automatically adds the OCSP responder port (TCP 8084) to the
permit list in the CP firewall so that the responder can be reached from outside the controller.
10. Select the OCSP signer cert from the OCSP Certificates drop-down menu to be used to sign OCSP responses
for this revocation check point.
11. In the Revocation Checkpoint pane, click Edit next to the revocation checkpoint that you want to configure.
The Revocation Checkpoint pane displays.
12. In the Revocation Check field, optionally select a check method from the Method 1 drop-down list. Optionally,
select a backup check method from the Method 2 drop-down list.
13. Select Enable next to Enable OCSP Responder.
14. Select the OCSP signer cert from the OCSP Signer Cert drop-down menu.
15. In the CRL Location field, enter the CRL you want used for this revocation checkpoint. The CRLs listed are
files that have already been imported onto the controller.
16. Click Apply.
In the CLI
This example configures the controller as an OCSP responder. The OCSP responder service is enabled, the revocation
check point is CAroot, the OCSP signer cert is “oscsp_CA1”, and the CRL file location is
“Sec1-WIN-05PRGNGEKAO-CA-unrevoked.crl”.
(host) (config) #crypto-local pki service-ocsp-responder
(host) (config) #crypto-local pki rcp CAroot
(host) (CAroot) #ocsp-signer-cert oscsp_CA1
(host) (CAroot) #crl-location file Sec1-WIN-05PRGNGEKAO-CA-unrevoked.crl
(host) (CAroot) #enable-ocsp-responder
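
To confirm the result from a client, the responder can be queried with openssl and the reply checked against the expected signer. The script below is an added example, not part of the Dell guide; the URL scheme and path, the file names and the verdict words are assumptions (the guide gives only the port, TCP 8084).

```shell
#!/bin/sh
# Added example: query the controller's OCSP responder and classify the reply.
# Assumptions (not from the guide): http:// scheme, URL path, PEM file names.

# query_responder URL ISSUER_PEM CERT_PEM SIGNER_PEM
# -VAfile pins the OCSP signer cert, so a response signed by any other key
# fails verification instead of being accepted.
query_responder() {
    openssl ocsp -url "$1" -issuer "$2" -cert "$3" -VAfile "$4" \
        -timeout 5 2>&1
}

# classify_ocsp: read openssl ocsp output on stdin, print one verdict word.
classify_ocsp() {
    out=$(cat)
    # The signature result is checked first: a "good" status inside a
    # response that did not verify against the pinned signer is worthless.
    case "$out" in
        *"Responder Error:"*)        echo responder-error; return 0 ;;
        *"Response Verify Failure"*) echo untrusted-signer; return 0 ;;
        *"Response verify OK"*)      ;;
        *)                           echo no-valid-response; return 0 ;;
    esac
    case "$out" in
        *": good"*)    echo good ;;
        *": revoked"*) echo revoked ;;
        *)             echo unknown ;;
    esac
}

# Usage: script URL ISSUER_PEM CERT_PEM SIGNER_PEM
# e.g.   script http://<controller>:8084 ca.pem client.pem signer.pem
if [ "$#" -eq 4 ]; then
    query_responder "$@" | classify_ocsp
else
    # Constructed sample of openssl output, so the script also runs offline.
    printf 'Response Verify Failure\nclient.pem: good\n' | classify_ocsp
fi
```

A verdict of responder-error corresponds to the case described earlier, where no check point or global OCSP signer certificate is present and the controller returns an error to clients.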
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide | Certificate Revocation | 232