revocation-check
To configure trustpoint revocation check methods, use the revocation-check command. To discard the
revocation check configuration, use the no form of this command.
revocation-check {crl [none]| none}
no revocation-check {crl [none]| none}
Syntax Description
Specifies the locally stored certificate revocation list
(CRL) as the place to check for revoked certificates.
crl
(Optional) Specifies that no checking is performed
for revoked certificates.
none
Command Default
By default, the revocation checking method for a trustpoint is CRL.
Command Modes
Trustpoint configuration
Command History
ModificationRelease
This command was introduced.4.1(2)
Usage Guidelines
A revocation check can perform one or more of the methods which you specify as an ordered list. During
peer certificate verification, each method is tried in the specified order until one method succeeds by providing
the revocation status. When you specify none as the method, it means that there is no need to check the
revocation status, and the peer certificate is not revoked. If none is the first method that you specify in the
method list, you cannot specify subsequent methods because checking is not required.
This command does not require a license.
Examples
This example shows how to check for revoked certificates in the locally stored CRL:
switch(config-trustpoint)# revocation-check crl
This example shows how to do no checking for revoked certificates:
switch(config-trustpoint)# revocation-check none
Related Commands
DescriptionCommand
Configures a CRL or overwrites the existing one for
the trustpoint CA.
crypto ca crl-request
Cisco Nexus 7000 Series Security Command Reference
623
R Commands
revocation-check
To Next Page
Loading...
