< Home

pki ocsp response cache enable

Function

The pki ocsp response cache enable command enables a PKI entity to cache OCSP responses.

The undo pki ocsp response cache enable command disables a PKI entity from caching OCSP responses.

By default, OCSP response caching is disabled on a PKI entity.

Only devices in NETCONF mode support this command.

Format

pki ocsp response cache enable

undo pki ocsp response cache enable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

After you enable a PKI entity to cache OCSP responses, the PKI entity first searches its cache for the certificate revocation status. If the search fails, the PKI entity sends a request to the OCSP server. In addition, the PKI entity caches valid OCSP responses for subsequent query. OCSP responses have a validity period. With OCSP response caching enabled, a PKI entity refreshes the cached OCSP responses every minute to clear expired OCSP responses.

Example

# Enable a PKI entity to cache OCSP responses.

<HUAWEI> system-view
[HUAWEI] pki ocsp response cache enable
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >