Online certificate status protocol
Contributors
Suggest changes
PDFs
Online Certificate Status Protocol (OCSP) enables ONTAP applications that use TLS communications, such as LDAP or TLS, to receive digital certificate status when OCSP is enabled. The application receives a signed response signifying that the certificate requested is good, revoked, or unknown.
OCSP enables determination of the current status of a digital certificate without requiring certificate revocation lists (CRLs).
By default, OCSP certificate status checking is disabled. It can be turned on with the command security config ocsp enable -app name, where the app name can be autosupport, audit_log, fabricpool, ems, kmip, ldap_ad, ldap_nis_namemap, or all. The command requires advanced privilege level.