Configure OCSP for revocation check

Configures the parameters for the OCSP revocation check mode.

Syntax


crypto pki ta-profile profile-name revocation-check ocsp [[strict|optional] | [url1 REVOC-URL] | [url2 REVOC-URL] | [disable-nonce]]

Definitions

profile-name

A name (maximum 100 characters) with a unique identifier for the Trust Anchor Profile. Ten TA profiles are supported: one for each allowed trust anchor (Root CA certificate.)

revocation-check

Applies revocation check on a TA profile.

ocsp

Uses OCSP for revocation.

Options

You can only specify one of these options.

strict

Sets the enforcement as strict.

optional

Sets enforcement as optional.

url1

Configure the first URL.

url2

Configures the second URL.

disable-nonce

Disables the nonce.