Set certificate revocation check settings

The set storageArray revocationCheckSettings command allows you to enable or disable revocation checking, and configure an Online Certificate Status Protocol (OCSP) server.

Supported Arrays

This command applies to an individual DE2000H, DE4000H, DE4000F, DE6000H, or DE6000F storage array.

Roles

To execute this command on an storage array, you must have the Security Admin role.

Context

The OCSP server checks for any certificates that the Certificate Authority (CA) has revoked before their scheduled expiration date. You might want to enable revocation checking in cases where the CA improperly issued a certificate or if a private key is compromised.
Note: Make sure a DNS server is configured on both controllers, which allows you to use a fully qualified domain name for the OCSP server.

After you enable revocation checking, the storage array denies an attempted connection to a server with a revoked certificate.

Syntax

set storageArray revocationCheckSettings ([revocationCheckEnable = boolean] &| [ocspResponderUrl=stringLiteral])

Parameters

Parameter Description
revocationCheckEnable Set to true to enable certificate revocation checking.
ocspResponderUrl The URL of the OCSP responder server to be used for the certificate revocation check.
Note: Specifying an OCSP responder address overrides the OCSP address found in the certificate file.