< Home

ocsp-url from-ca

Function

The ocsp-url from-ca command configures a PKI entity to obtain the OCSP server's URL from the Authority Info Access (AIA) option in a CA certificate.

The undo ocsp-url from-ca command disables a PKI entity from obtaining the OCSP server's URL from the AIA option in a CA certificate.

By default, a PKI entity does not obtain OCSP server's URL from a CA certificate's AIA option.

Format

ocsp-url from-ca

undo ocsp-url from-ca

Parameters

None

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a certificate to be checked through OCSP contains the AIA option, run this command to configure the PKI entity to obtain OSCP server's URL from the AIA option. If the certificate does not contain the AIA option, run the ocsp url command to configure the OCSP server's URL.

Precautions

The system can check whether a certificate is revoked only after the ca-name command is executed to associate the PKI realm with a CA.

Example

# Configure a PKI entity to obtain OCSP server's URL from a CA certificate's AIA option.

<sysname> system-view
[sysname] pki realm test
[sysname-pki-realm-test] ocsp-url from-ca
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >