PKI Global Settings Configuration Mode Commands
To configure public key infrastructure (PKI) encryption global settings on a WAAS device, use the crypto pki global-settings global configuration command.
crypto pki global-settings
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
Use the crypto pki global-settings command to configure OCSP and revocation checking. The crypto pki global-settings command initiates the global settings configuration mode, as indicated by the following prompt:
WAE(config-pki-global-settings)
Within PKI global settings configuration mode, you can use PKI global settings commands to define PKI settings. To return to global configuration mode, enter exit at the PKI global settings configuration mode prompt.
Examples
The following example shows how to enter PKI global settings configuration mode:
WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)#
Related Commands
(config-pki-global-settings) ocsp
(config-pki-global-settings) revocation-check
(config-pki-global-settings) ocsp
To enter the URL to be used as the global settings for the Online Certificate Status Protocol (OCSP) protocol revocation status checking, use the ocsp global settings configurations mode command.
ocsp url http://address
Syntax Description
url http://address |
URL to be used for OCSP revocation status checking. |
Defaults
No default behavior or values.
Command Modes
PKI global settings configuration
Device Modes
application-accelerator
central-manager
Examples
The following example shows how to define the OCSP URL as www.myocspurl.com:
WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# ocsp url http://www.myocspurl.com
Related Commands
(config-pki-global-settings) revocation-check
(config-pki-global-settings) revocation-check
To configure the global settings revocation checking method, use the revocation-check command.
revocation-check {ocsp-cert-url | ocsp-url} [none]
Syntax Description
ocsp-cert-url |
Enables Online Certificate Status Protocol (OCSP) revocation status checking using the CA server URL defined in the CA certificate. |
ocsp-url |
Enables OCSP revocation status checking using the URL defined for the global OCSP settings. |
none or null |
Specifies a revocation check null method that returns revocation. |
Defaults
No default behavior or values.
Command Modes
PKI global settings configuration
Device Modes
application-accelerator
central-manager
Examples
The following example shows how to configure the global revocation checking to use the URL defined in the global OCSP settings:
WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# revocation-check ocsp-url
The following example shows how to configure the global revocation checking use the URL defined in the global OCSP settings as the first method, and to use no checking as the second method:
WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# revocation-check ocsp-url none
Related Commands
(config-pki-global-settings) ocsp