< Home

ocsp url

Function

The ocsp url command configures the Uniform Resource Locator (URL) address for an Online Certificate Status Protocol (OCSP) server.

The undo ocsp url command deletes the URL address of an OCSP server.

By default, an OCSP server does not have a URL address.

Only devices in NETCONF mode support this command.

Format

ocsp url [ esc ] url-address

undo ocsp url

Parameters

Parameter

Description

Value

esc

Indicates that the URL address is in ASCII mode.

-

url-address

Indicates the OCSP server's URL address.

The value is a string starting with http:// and consisting of 1 to 128 case-sensitive characters without spaces.

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

If a certificate to be checked through OCSP does not contain the AIA option, run this command to configure the OCSP server's URL. If the certificate contains the AIA option, run the ocsp-url from-ca command to configure the PKI entity to obtain OSCP server's URL from the AIA option.

The keyword esc supports the entering of URLs that include the question mark (?) in ASCII code, and 3f is the hexadecimal ASCII code for the question mark (?). Therefore, the entered URL must be in \x3f format. For example, the URL that an administrator needs to enter is http://www.***.com\x3fpage1, instead of http://www.***.com?page1. If the administrator wants to configure http://www.***.com?page1\x3f that includes both a question mark (?) and \x3f, the administrator should add an escape character (\) to \x3f and enter http://www.***.com\x3fpage1\\x3f.

Example

# Set the OCSP server's URL address to http://10.1.1.1.

<HUAWEI> system-view
[HUAWEI] pki realm test
[HUAWEI-pki-realm-test] ocsp url http://10.1.1.1
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >