ocsp url
Syntax
ocsp url {primary | secondary} <URL>
no ocsp url {primary | secondary}
Description
Configures the OCSP responder URLs that the current TA profile uses to verify the revocation status of an X.509 digital certificate. These URLs override the OCSP responder URL contained within the peer certificate being verified (as well as URLs defined in any intermediate CAs in the chain of trust).
If no OCSP responder URLs are defined for a TA profile (default setting), then the OCSP responder URL in the peer certificate is used for revocation status checking. (The OCSP responder URL is contained in a certificate's Authority Information Access field, which is an X.509 v3 certificate extension.)
The
no
form of this command deletes the specified OCSP responder URL (primary or secondary) from the current TA profile.
Command context
config-ta-<TA-NAME>
Parameters
{primary | secondary} <URL>
- Specify the HTTP URL of the primary or secondary OCSP responder using either a fully qualified domain name or IPv4 address.
Authority
Administrators or local user group members with execution rights for this command.
Examples
Defining the primary OCSP URL for the TA profile root-cert:
switch(config)# crypto pki ta-profile root-cert switch(config-ta-root-cert)# revocation-check ocsp switch(config-ta-root-cert)# ocsp url primary http://ocsp-server.site.com
Removing the primary OCSP URL from the TA profile root-cert:
switch(config)# crypto pki ta-profile oot-cert switch(config-ta-root-cert)# revocation-check ocsp switch(config-ta-root-cert)# no ocsp url primary