Skip to main content
SANtricity commands

Set certificate revocation check settings

Contributors netapp-driley

The set storageArray revocationCheckSettings command allows you to enable or disable revocation checking, and configure an Online Certificate Status Protocol (OCSP) server.

Supported Arrays

This command applies to an individual E4000, E2800, E5700, EF600 or EF300 storage array. It does not operate on E2700 or E5600 storage arrays.

Roles

To execute this command on an E4000, E2800, E5700, EF600, or EF300 storage array, you must have the Security Admin role.

Context

The OCSP server checks for any certificates that the Certificate Authority (CA) has revoked before their scheduled expiration date. You might want to enable revocation checking in cases where the CA improperly issued a certificate or if a private key is compromised.

Note

Make sure a DNS server is configured on both controllers, which allows you to use a fully qualified domain name for the OCSP server.

After you enable revocation checking, the storage array denies an attempted connection to a server with a revoked certificate.

Syntax

set storageArray revocationCheckSettings ([revocationCheckEnable = boolean] &| [ocspResponderUrl=stringLiteral])

Parameters

Parameter Description

revocationCheckEnable

Set to true to enable certificate revocation checking.

ocspResponderUrl

The URL of the OCSP responder server to be used for the certificate revocation check.

Note

Specifying an OCSP responder address overrides the OCSP address found in the certificate file.

Minimum firmware level

8.42