Downloading a CA certificate chain is not supported.
Individual CA certificates in a certificate chain should be downloaded
one-by-one using the following command:
download ssl ipaddress certificate {ssl-cert | trusted-ca | ocsp-signature-ca | {csr-cert {ocsp [on | off]}}} file_name
Downloading a CA certificate larger than 7.5KB is not recommended.
OCSP checking is not performed on the OCSP responder certificate itself. Therefore, the OCSP
responder certificate should satisfy at least one of the following criteria; otherwise the OCSP
response is rejected:
The OCSP responder certificate should be self-signed, OR
The OCSP responder certificate should contain the id-pkix-ocsp-nocheck extension.
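
A pre-download check for the restrictions above, as an added example (not code from the original documentation): it splits a PEM bundle into individual certificates, flags any over the size limit, and tests the two responder criteria. Assumptions: 7.5KB is read as 7680 bytes of PEM text, "self-signed" is approximated by issuer equal to subject without verifying the signature, and sample_cert builds a constructed, unsigned skeleton used only as demo input.

```python
import base64, re
SIZE_LIMIT = 7680  # assumption: "7.5KB" read as 7.5 * 1024 bytes of PEM text
NOCHECK_OID = bytes.fromhex("06092b0601050507300105")  # id-pkix-ocsp-nocheck, 1.3.6.1.5.5.7.48.1.5
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def enc(tag, body):
    """Encode one DER element; short-form length only, enough for the small sample."""
    return bytes([tag, len(body)]) + body

def tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that starts at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + n

def split_chain(bundle):
    """Split a PEM bundle into one PEM string per certificate, in bundle order."""
    return [m.group(0) + "\n" for m in PEM_RE.finditer(bundle)]

def check_cert(pem):
    """Size check plus both responder criteria (OID found by byte search, a heuristic)."""
    der = base64.b64decode("".join(pem.split("-----")[2].split()))
    p, _ = tlv(der, 0)      # step into Certificate
    p, end = tlv(der, p)    # step into TBSCertificate
    fields = []
    while p < end:          # slice out each TBSCertificate field
        nxt = tlv(der, p)[1]
        fields.append(der[p:nxt])
        p = nxt
    v = 1 if fields[0][0] == 0xA0 else 0  # skip the optional [0] version field
    issuer, subject = fields[v + 2], fields[v + 4]  # serial, sigAlg, issuer, validity, subject
    return {"oversize": len(pem) > SIZE_LIMIT, "ocsp_nocheck": NOCHECK_OID in der,
            "self_issued": issuer == subject}  # name match only; signature not verified

def sample_cert(issuer_cn, subject_cn, nocheck=False):
    """Constructed, unsigned certificate skeleton for the demo (not a real cert)."""
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, bytes.fromhex("0603550403") + enc(0x0C, cn))))
    ext = enc(0xA3, enc(0x30, enc(0x30, NOCHECK_OID + enc(0x04, b"\x05\x00")))) if nocheck else b""
    tbs = enc(0x30, enc(0x02, b"\x01") + enc(0x30, b"") + name(issuer_cn) + enc(0x30, b"")
              + name(subject_cn) + enc(0x30, b"") + ext)
    b64 = base64.encodebytes(enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    bundle = sample_cert(b"Root", b"Root") + sample_cert(b"Root", b"Responder", nocheck=True)
    for i, pem in enumerate(split_chain(bundle), 1):
        print(f"cert{i}.pem", check_cert(pem))
```

A responder certificate for which both self_issued and ocsp_nocheck are False meets neither criterion; one that reports self_issued still needs its signature verified with a full X.509 tool.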