Configuring the Mobility Master or Managed Device as an OCSP Responder
When configured as an OCSP (Online Certificate Status Protocol) responder, the Mobility Master or the managed device provides revocation status information to ArubaOS applications that use CRLs.
You can configure the Mobility Master or managed device as an OCSP responder using the WebUI or the CLI.
In the WebUI
Perform the following steps to configure the Mobility Master as an OCSP responder:
- In the node hierarchy, navigate to the tab.
- Expand the accordion.
- Click in the section.
- Enter the following certificate details in the section:
- Enter a name in the text box. This name identifies the certificate you are importing.
- Enter the certificate filename in the text box. Click the button to enter the full pathname.
- Enter a password in the text box. The password is optional.
- If you opted to use the optional password (in step c), re-enter the password in the text box.
- Select a certificate format from the drop-down list. You can import certificates of format DER, P12, PEM, PFX, PKCS12, and PKCS7.
- Select from the drop-down list.
- When this certificate is imported, it is maintained in the certificate store for OCSP signer certificates. These certificates are used for signature verification.
- The OCSP signer cert signs OCSP responses for this revocation checkpoint. The OCSP signer cert can be the same trusted CA (Certificate Authority) as the checkpoint, a designated OCSP signer certificate issued by the same CA as the checkpoint, or some other local trusted authority.
- If you do not specify an OCSP signer cert, OCSP responses are signed using the global OCSP signer certificate. If that is not present, then an error message is sent out to clients.
The OCSP signer certificate takes precedence over the global OCSP signer certificate as it is checkpoint specific.
- Click . The certificate appears in the section.
- For detailed information about an imported certificate, click the certificate from the certificate list.
- Click the accordion menu.
- Click the toggle switch to enable this setting.
- This setting is a global option that turns the OCSP responder service on or off on the Mobility Master or the managed device. The default is disabled (off). Enabling this option automatically adds the OCSP responder port (TCP 8084) to the permit list in the CP firewall so that it can be accessed from outside the Mobility Master or the managed device.
- Select the certificate to be used to sign OCSP responses for this revocation checkpoint from the drop-down list.
- In the section, click the record for which you want to configure the revocation checkpoint. The section is displayed.
- Select from the drop-down list as the primary check method. Optionally, select a backup check method from the drop-down list.
- In the text box, enter the CRL (Certificate Revocation List) you want used for this revocation checkpoint. The CRLs listed are files that have already been imported onto the Mobility Master or the managed device.
- Click the toggle switch to enable this setting.
- Select from the drop-down list.
- Click .
- Click .
- In the window, select the check box indicating the pending change and click .
In the CLI
Run the following commands to configure the Mobility Master or the managed device as an OCSP responder.
(host)[mynode](config) #crypto-local pki service-ocsp-responder
(host)[mynode](config) #crypto-local pki rcp <name>
(host)[mynode](config-submode) #ocsp-signer-cert oscsp_CA1
(host)[mynode](config-submode) #crl-location file <filename>
(host)[mynode](config-submode) #enable-ocsp-responder