ocsp enforcement-level

Syntax

ocsp enforcement-level {strict | optional}
no enforcement-level

Description

Sets either strict or reduced enforcement of the OCSP check of certificates. Strict enforcement is enabled by default.

The no form of this command resets enforcement to its default of strict.

Command context

config-ta-

Parameters

strict
Sets strict OCSP checking of certificates. The certificate is accepted only if every check succeeds; any validation failure, software system error, configuration error, or transactional error causes the certificate to be rejected.
optional
Sets reduced OCSP checking of certificates. The certificate is accepted unless one or more of these validation errors occur:
  • Response signature invalid.

  • Nonce in the response does not match.

  • Certificate revoked, but only when revocation checking is possible. If a revocation check is not possible, the certificate is still accepted if there are no other validation errors.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Setting reduced OCSP checking of certificates:

switch(config)# crypto pki ta-profile root-cert
switch(config-ta-root-cert)# ocsp enforcement-level optional

Setting strict OCSP checking of certificates:

switch(config)# crypto pki ta-profile root-cert
switch(config-ta-root-cert)# ocsp enforcement-level strict
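Auditing a saved configuration for TA profiles left at reduced enforcement. This is an added example, not part of the original command reference or the vendor's tooling. It assumes the configuration text lists each `crypto pki ta-profile <name>` line followed by its indented settings; that layout and the profile names other than `root-cert` are assumptions.

```python
import re

# Constructed sample configuration. The indented layout is an assumption;
# the command names are the ones shown in this reference page.
SAMPLE_CONFIG = """\
hostname switch
crypto pki ta-profile root-cert
    ocsp enforcement-level optional
crypto pki ta-profile lab-ca
    ocsp enforcement-level strict
crypto pki ta-profile default-ca
interface 1/1/1
    no shutdown
"""

PROFILE_RE = re.compile(r"^crypto pki ta-profile (\S+)\s*$")
LEVEL_RE = re.compile(r"^\s+ocsp enforcement-level (strict|optional)\s*$")


def ocsp_levels(config_text):
    """Map each TA profile name to its OCSP enforcement level.

    A profile with no explicit enforcement-level line is reported as
    strict, because strict is the documented default.
    """
    levels = {}
    current = None
    for line in config_text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            levels.setdefault(current, "strict")
            continue
        if line and not line[0].isspace():
            current = None  # an unindented line ends the ta-profile context
            continue
        if current is None:
            continue
        m = LEVEL_RE.match(line)
        if m:
            levels[current] = m.group(1)
    return levels


def reduced_enforcement_profiles(config_text):
    """Profiles that still accept a certificate when revocation cannot be checked."""
    return sorted(n for n, lvl in ocsp_levels(config_text).items() if lvl == "optional")


if __name__ == "__main__":
    for name in reduced_enforcement_profiles(SAMPLE_CONFIG):
        print(f"ta-profile {name}: ocsp enforcement-level optional (reduced checking)")
```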