vpn : certificate ocsp-server
 
certificate ocsp-server
Use this command to specify the revocation server for an OCSP (Online Certificate Status Protocol) server certificate. You can also specify the action to take if the server is not available.
Syntax
config vpn certificate ocsp-server
edit <ocsp_name>
set cert <cert_name>
set secondary-cert <cert2_name>
set secondary-url <ocsp2_url>
set source-ip <ip4_addr>
set url <ocsp_url>
set unavail-action <unavailable_action>
end
To view all of the information about the certificate, use the get command:
get vpn certificate ocsp [cert_name]
 
Variable
Description
<ocsp_name>
Enter a name for this OSCP server entry.
cert <cert_name>
Enter the OCSP server public certificate (one of the remote certificates).
secondary-cert <cert2_name>
Enter the secondary OCSP server public certificate (one of the remote certificates).
secondary-url <ocsp2_url>
Enter the URL of the secondary OCSP server.
source-ip <ip4_addr>
Enter an address to verify request is send from expected IP. sourceā€‘ip can be set after local Certificate is generated.
url <ocsp_url>
Enter the URL of the OCSP server.
unavail-action <unavailable_action>
Action taken on client certification when the OCSP server is unreachable. revoke or ignore. Default is revoke.