Skip to main content

security config ocsp show

Contributors
Suggest changes

Show Online Certificate Status Protocol (OCSP) settings

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

The security config ocsp show command displays the support status of the OCSP-based certificate status check for applications supporting SSL/TLS communications. If the OCSP support is enabled for an application, this check is done in addition to the certificate chain validation as part of the SSL handshake process. The OCSP-based certificate status check is done for all the certificates in the chain, provided that each certificate has the OCSP URI access points mentioned in them. If no access points are specified, the OCSP-based certificate revocation status check is ignored for that certificate and checking continues for the rest of the certificates in the chain.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-application <SSL/TLS Application supporting OCSP>] - Application Name (privilege: advanced)

Selects the application that matches this parameter value. Applications include:

  • autosupport - AutoSupport

  • audit_log - Audit Logging

  • fabricpool - External capacity tiers

  • ems - Event Management System

  • kmip - Key Management Interoperability Protocol

  • ldap_ad - Lightweight Directory Access Protocol - Active Directory (query and modify items in Active Directory)

  • ldap_nis_namemap - Lightweight Directory Access Protocol - NIS and Name Mapping (query Unix user, group, netgroup and name mapping information)

  • ssh - Secure Shell

[-is-ocsp-enabled {true|false}] - Is OCSP-based Certificate Status Check Enabled? (privilege: advanced)

Selects the application that matches this parameter value.

Examples

The following example displays the OCSP support for the applications supporting SSL/TLS communications:

cluster1::> security config ocsp show
Application          OCSP Enabled?
-------------------- -------------
autosupport          true
audit_log            false
fabricpool           false
ems                  true
kmip                 false
ldap                 false
ssh                  false
6 entries were displayed.

The following example displays the OCSP support for AutoSupport:

cluster1::*> security config ocsp show -application autosupport
Application Name: autosupport
Is OCSP-based Certificate Status Check Enabled?: true