1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. cert-status-profile

cert-status-profile

The cert-status-profile configuration element identifies an OCSP responder, the transport protocol used to access the responder, and the certificates used to sign the OCSP request and to validate the OCSP response.

Parameters

name
Enter the name of this cert-status-profile instance, thus allowing the configuration of multiple configuration elements of this type. This parameter is required.
  • Default: None
  • Values: Any valid object name — the name must be unique within the 
cert-status-profile namespace
ip-address
Enter the IPv4 address of the destination OCSP responder. This parameter is required.
  • Default: None
  • Values: Any valid IPv4 address
hostname
Hostname of the SBC. If this parameter and the ip-address parameter are both configured, the SBC uses the IP address.
port
Enter the destination port number. This parameter is optional.
  • Default: 80
  • Values: Any valid port number
type
Enter the protocol type used for certificate checking. This parameter is optional.
  • Default: ocsp
  • Values: ocsp | crl
trans-proto
Enter the protocol used to transmit the OSCP request; the single currently supported value is http. This parameter is optional.
  • Default: http
  • Values: http
requester-cert
Enter the name of the certificate configuration element used to sign the outgoing OCSP request; this parameter is required only if the OCSP responder mandates a signed request.
  • Default: None
  • Values: An existing certificate configuration element name
trusted-cas
Enter a list of trusted Certificate Authority certificate records.
responder-cert
Enter the name of the certificate configuration element used to validate the incoming OCSP response.
  • Default: None
  • Values: An existing certificate configuration element name
realm-id
Enter the name of the realm used for transmitting OCSP requests. This parameter is optional.
  • Default: wancom
  • Values Any valid realm name
retry-count
Enter the maximum number of times to retry an OCSP responder in the event of connection failure.
  • Default: 1
  • Values: Min: 0/Max: 10
dead-time
Enter the interval (in seconds) between the trigger of the retry-count(er) and the next attempt to access the unavailable OCSP responder. This parameter is optional.
  • Default: 0 (seconds)
  • Values: Min: 0/Max: 3600
crl-update-interval
Specify the interim, in seconds, between CRL updates.
  • Default: 86400
  • Values: 600-2600000
crl-list
Enter a list of trusted Certificate Authority certificate records.

Path

cert-status-profile is a subelement under the security configuration element. The full path from the topmost ACLI prompt is: configure-terminal, and then security, and then cert-status-profile.

Note:

This is a multiple instance configuration.