Use this command to specify a list of trusted CA certificates used to verify OCSP response signatures.
pki-cert-list | Specifies a PKI certificate list created using set pki certificate containing the OCSP response signing certificate. |
None.
All command modes with admin privilege.
This command establishes the OCSP signing certificate trust by matching a signing certificate with a local configuration of the OCSP signing authority in question. This option is specified in Section 4.2.2.2 Authorized Responders of RFC 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP as a way of verifying that the entity which issued the OCSP signing certificate is actually authorized to sign a particular certificate‘s OCSP response message.
See Specifying an OCSP Signature Certificate Authority List in the S-, K-, and 7100 Series Configuration Guide for details on specifying an OCSP signature certificate authority list.
This example shows how to specify myTrustedOcspSigningCerts as the certificate list containing trusted CA certificates used to verify OCSP response signatures:
System(su)->set pki ocsp signature-ca-list myTrustedOcspSigningCerts System(su)->