SANtricity 11.8 Commands ( CA08871-194 ~ 196 )

Set certificate revocation check settings

The set storageArray revocationCheckSettings command allows you to enable or disable revocation checking, and configure an Online Certificate Status Protocol (OCSP) server.

Supported Series

This command applies to an individual HB2100/HB2200/HB2300, HB5100/HB5200, AB6100 or AB3100 storage system.

Roles

To execute this command on an HB2100/HB2200/HB2300, HB5100/HB5200, AB6100, or AB3100 storage system, you must have the Security Admin role.

Context

The OCSP server checks for any certificates that the Certificate Authority (CA) has revoked before their scheduled expiration date. You might want to enable revocation checking in cases where the CA improperly issued a certificate or if a private key is compromised.

Make sure a DNS server is configured on both controllers, which allows you to use a fully qualified domain name for the OCSP server.

After you enable revocation checking, the storage system denies an attempted connection to a server with a revoked certificate.

Syntax

set storageArray revocationCheckSettings ([revocationCheckEnable = boolean] &| [ocspResponderUrl=stringLiteral])

Parameters

| Parameter | Description |
| --- | --- |
| revocationCheckEnable | Set to true to enable certificate revocation checking. |
| ocspResponderUrl | The URL of the OCSP responder server to be used for the certificate revocation check. Specifying an OCSP responder address overrides the OCSP address found in the certificate file. |
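
The following shell helpers are an added example, not part of the SANtricity documentation. They pre-check an override URL against the DNS and override points above and print the resulting script command. The host names are constructed, the helper names are hypothetical, and the double-quoted string literal and trailing semicolon are assumed script conventions.

```shell
# Added example; host names are constructed placeholders.

# OCSP responder URL embedded in a certificate's AIA extension
# (prints nothing if the certificate carries none).
cert_ocsp_uri() {
    openssl x509 -noout -ocsp_uri -in "$1"
}

# Host part of an http(s) URL. Rejects other schemes, empty hosts, and
# URLs containing quotes or spaces. IPv6 literals are not handled.
ocsp_host() {
    case "$1" in
        *\"*|*\ *) return 1 ;;
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    host=${1#*://}      # drop scheme
    host=${host%%/*}    # drop path
    host=${host%%:*}    # drop port
    [ -n "$host" ] && printf '%s\n' "$host"
}

# True when the host is a name (so DNS must be configured on both
# controllers) rather than a dotted IPv4 literal.
needs_dns() {
    case "$1" in
        *[!0-9.]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the script command for override URL $1. $2 is the responder URL
# found in the server certificate (may be empty). Notes go to stderr.
# Quoting and the trailing semicolon are assumed conventions.
revocation_cmd() {
    host=$(ocsp_host "$1") || { echo "rejecting URL: $1" >&2; return 1; }
    if needs_dns "$host"; then
        echo "note: $host must resolve from both controllers" >&2
    fi
    if [ -n "$2" ] && [ "$1" != "$2" ]; then
        echo "note: override replaces certificate's responder $2" >&2
    fi
    printf 'set storageArray revocationCheckSettings revocationCheckEnable=true ocspResponderUrl="%s";\n' "$1"
}
# Usage: revocation_cmd "http://ocsp.example.test/ocsp" "$(cert_ocsp_uri server.pem)"
```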
