security config ocsp show
Show Online Certificate Status Protocol (OCSP) settings
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
The security config ocsp show
command displays the support status of the OCSP-based certificate status check for applications supporting SSL/TLS communications. If the OCSP support is enabled for an application, this check is done in addition to the certificate chain validation as part of the SSL handshake process. The OCSP-based certificate status check is done for all the certificates in the chain, provided that each certificate has the OCSP URI access points mentioned in them. If no access points are specified, the OCSP-based certificate revocation status check is ignored for that certificate and checking continues for the rest of the certificates in the chain.
Parameters
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
(privilege: advanced) } -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-application <SSL/TLS Application supporting OCSP>]
- Application Name (privilege: advanced)-
Selects the application that matches this parameter value. Applications include:
-
autosupport - AutoSupport
-
audit_log - Audit Logging
-
fabricpool - External capacity tiers
-
ems - Event Management System
-
kmip - Key Management Interoperability Protocol
-
ldap_ad - Lightweight Directory Access Protocol - Active Directory (query and modify items in Active Directory)
-
ldap_nis_namemap - Lightweight Directory Access Protocol - NIS and Name Mapping (query Unix user, group, netgroup and name mapping information)
-
ssh - Secure Shell
-
[-is-ocsp-enabled {true|false}]
- Is OCSP-based Certificate Status Check Enabled? (privilege: advanced)-
Selects the application that matches this parameter value.
Examples
The following example displays the OCSP support for the applications supporting SSL/TLS communications:
cluster1::> security config ocsp show Application OCSP Enabled? -------------------- ------------- autosupport true audit_log false fabricpool false ems true kmip false ldap false ssh false 6 entries were displayed.
The following example displays the OCSP support for AutoSupport:
cluster1::*> security config ocsp show -application autosupport Application Name: autosupport Is OCSP-based Certificate Status Check Enabled?: true