ocsp url

Function

The ocsp url command configures the Uniform Resource Locator (URL) address for the Online Certificate Status Protocol (OCSP) server.

The undo ocsp url command deletes the URL address of the OCSP server.

By default, an OCSP server does not have an URL address.

Format

ocsp url [ esc ] url-address

undo ocsp url

Parameters

Parameter Description Value
esc Indicates that the URL address is in ASCII mode. -
url-address Indicates the OCSP server's URL address. The value is a string starting with http:// and consisting of 1 to 128 case-sensitive characters without spaces.

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a certificate to be checked through OCSP does not contain the AIA option, run this command to configure the OCSP server's URL. If the certificate contains the AIA option, run the ocsp-url from-ca command to configure the PKI entity to obtain OSCP server's URL from the AIA option.

Precautions

The system can check whether a certificate is revoked only after the ca-name command is executed to associate the PKI realm with a CA.

An administrator cannot enter command lines that include a question mark (?). Keyword esc supports the entering of URLs that include the question mark (?) in the ASCII code, and 3f is the hexadecimal ASCII code for the question mark (?). Therefore, the entered URL must be in \x3f format. For example, the URL that an administrator needs to enter is http://www.example.com\x3fpage1, instead of http://www.example.com?page1. If the administrator wants to configure http://www.example.com?page1\x3f that includes both a question mark (?) and \x3f, the administrator should add an escape character (\) to \x3f and enter http://www.example.com\x3fpage1\\x3f.

Example

# Set the OCSP server's URL address to http://10.1.1.1.

<sysname> system-view
[sysname] pki realm test
[sysname-pki-realm-test] ocsp url http://10.1.1.1
Copyright © Huawei Technologies Co., Ltd.