Set certificate revocation check settings
The set storageArray revocationCheckSettings command allows you to enable or disable revocation checking and to configure an Online Certificate Status Protocol (OCSP) server.
Supported Arrays
This command applies to an individual DE2000H, DE4000H, DE4000F, DE6000H, or DE6000F storage array.
Roles
To execute this command on a storage array, you must have the Security Admin role.
Context
The OCSP server checks for any certificates that the Certificate Authority (CA) has revoked before their scheduled expiration date. You might want to enable revocation checking in cases where the CA improperly issued a certificate or if a private key is compromised.
Note
Make sure a DNS server is configured on both controllers, which allows you to use a fully qualified domain name for the OCSP server.
After you enable revocation checking, the storage array denies an attempted connection to a server with a revoked certificate.
Syntax
set storageArray revocationCheckSettings ([revocationCheckEnable = boolean] &| [ocspResponderUrl=stringLiteral])
Parameters
Parameter | Description |
---|---|
revocationCheckEnable | Set to true to enable certificate revocation checking. |
ocspResponderUrl | The URL of the OCSP responder server to be used for the certificate revocation check. Note: Specifying an OCSP responder address overrides the OCSP address found in the certificate file. |
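Example
The following script is an added example, not part of the vendor documentation: it reads the OCSP address embedded in a certificate file, shows which responder applies once ocspResponderUrl is set, and composes the command from the syntax above. It assumes the openssl CLI is available on the admin workstation; the host names, file names, and function names are constructed placeholders, and the http/https restriction is an assumption of the example.

```shell
#!/bin/sh
# Added example: compare a certificate's embedded OCSP URL with a planned override.
# Host names and file names are constructed placeholders.

# Build a throwaway self-signed certificate that carries an OCSP URL in its
# Authority Information Access extension (constructed sample input).
make_sample_cert() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample" \
        -keyout "$1/sample.key" -out "$1/sample.pem" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.ca.example/" 2>/dev/null
}

# Print the OCSP responder URL embedded in a certificate file (empty if none).
cert_ocsp_url() {
    openssl x509 -noout -ocsp_uri -in "$1"
}

# Per the parameter note: a configured ocspResponderUrl overrides the
# OCSP address found in the certificate file.
effective_responder() {  # $1 = certificate file, $2 = override URL (may be empty)
    if [ -n "$2" ]; then printf '%s\n' "$2"; else cert_ocsp_url "$1"; fi
}

# Compose the script command; at least one of the two parameters is required.
# Assumption of this example: the responder URL uses http or https.
revocation_cmd() {  # $1 = true, false or "", $2 = override URL or ""
    [ -n "$1$2" ] || { echo "need at least one parameter" >&2; return 1; }
    cmd="set storageArray revocationCheckSettings"
    case "$1" in
        true|false) cmd="$cmd revocationCheckEnable=$1" ;;
        "") ;;
        *) echo "revocationCheckEnable must be true or false" >&2; return 1 ;;
    esac
    case "$2" in
        "") ;;
        http://?*|https://?*) cmd="$cmd ocspResponderUrl=\"$2\"" ;;
        *) echo "ocspResponderUrl must be an http(s) URL" >&2; return 1 ;;
    esac
    printf '%s;\n' "$cmd"   # script commands end with a semicolon
}

demo() {
    dir=$(mktemp -d) && make_sample_cert "$dir" || return 1
    echo "embedded in certificate: $(cert_ocsp_url "$dir/sample.pem")"
    echo "used with override:      $(effective_responder "$dir/sample.pem" "http://ocsp.corp.example")"
    revocation_cmd true "http://ocsp.corp.example"
    rm -rf "$dir"
}
demo
```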