Cisco Cisco ASR 5700
Crypto Map IKEv2-IPv4 Configuration Mode Commands
▀ ocsp
▄ Command Line Interface Reference, StarOS Release 17
2892
ocsp
Enables use of Online Certificate Status Protocol (OCSP) from a crypto template. OCSP provides a facility to obtain
timely information on the status of a certificate.
timely information on the status of a certificate.
Product
All products supporting IPSec
Important:
This command appears in the CLI for this release. However, it has not been qualified for use with
any current Cisco StarOS gateway products.
Privilege
Security Administrator
Syntax
ocsp [ nonce | responder-address ipv4_address [ port port_value ] ]
no ocsp [ nonce | responder-address [ port ] ]
default ocsp [ nonce ]
no
Disables the use of OCSP.
default
Restores the default value assigned for ocsp nonce.
nonce
Enables sending nonce (unique identifier) in OCSP requests.
responder-address
ipv4_address
Configures the OCSP responder address that is used when absent in the peer (device) certificate.
ipv4_address
is an IPv4 address specified in dotted decimal format.
port
port_value
Configures the port for OCSP responder.
port_value
is an integer value between 1 and 65535. The default port is 8889.
Usage
This command enables the use of Online Certificate Protocol (OCSP) from a crypto map/template. OCSP
provides a facility to obtain timely information on the status of a certificate.
OCSP messages are exchanged between a gateway and an OCSP responder during a certificate transaction.
The responder immediately provides the status of the presented certificate. The status can be good, revoked or
unknown. The gateway can then proceed based on the response.
provides a facility to obtain timely information on the status of a certificate.
OCSP messages are exchanged between a gateway and an OCSP responder during a certificate transaction.
The responder immediately provides the status of the presented certificate. The status can be good, revoked or
unknown. The gateway can then proceed based on the response.
Example
The following command enables OSCP: