Chapter 43 Certificates
UAG CLI Reference Guide
226
ca validation remote_certificate Enters the sub command mode for validation of
certificates signed by the specified remote (trusted)
certificates.
cdp {activate|deactivate} Turns certificate revocation on or off. When it is turned on,
the UAG validates a certificate by getting a Certificate
Revocation List (CRL) through HTTP or LDAP (can be
configured after activating the LDAP checking option) and
online responder (can be configured after activating the
OCSP checking option). You also need to configure the
OSCP or LDAP server details.
ldap {activate|deactivate} Has the UAG check (or not check) incoming certificates
that are signed by this certificate against a Certificate
Revocation List (CRL) on a LDAP (Lightweight Directory
Access Protocol) directory server.
ldap ip {ip|fqdn} port <1..65535> [id name
password password] [deactivate]
Sets the validation configuration for the specified remote
(trusted) certificate where the directory server uses LDAP.
ip: Type the IP address (in dotted decimal notation) or
the domain name of the directory server. The domain
name can use alphanumeric characters, periods and
hyphens. Up to 255 characters.
port: Specify the LDAP server port number. You must use
the same server port number that the directory server
uses. 389 is the default server port number for LDAP.
The UAG may need to authenticate itself in order to
access the CRL directory server. Type the login name (up
to 31 characters) from the entity maintaining the server
(usually a certification authority). You can use
alphanumeric characters, the underscore and the dash.
Type the password (up to 31 characters) from the entity
maintaining the CRL directory server (usually a
certification authority). You can use the following
characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-
ocsp {activate|deactivate} Has the UAG check (or not check) incoming certificates
that are signed by this certificate against a directory
server that uses OCSP (Online Certificate Status Protocol).
ocsp url url [id name password password]
[deactivate]
Sets the validation configuration for the specified remote
(trusted) certificate where the directory server uses OCSP.
url: Type the protocol, IP address and pathname of the
OCSP server.
name: The UAG may need to authenticate itself in order to
access the OCSP server. Type the login name (up to 31
characters) from the entity maintaining the server
(usually a certification authority). You can use
alphanumeric characters, the underscore and the dash.
password: Type the password (up to 31 characters) from
the entity maintaining the OCSP server (usually a
certification authority). You can use the following
characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-
no ca category {local|remote} certificate_name Deletes the specified local (my certificates) or remote
(trusted certificates) certificate.
no ca validation name Removes the validation configuration for the specified
remote (trusted) certificate.
Table 139 ca Commands Summary (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
