PKI Global Settings Configuration Mode Commands


To configure public key infrastructure (PKI) encryption global settings on a WAAS device, use the crypto pki global-settings global configuration command.

crypto pki global-settings

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

global configuration

Device Modes

application-accelerator

Usage Guidelines

Use the crypto pki global-settings command to configure OCSP and revocation checking. The crypto pki global-settings command initiates the global settings configuration mode, as indicated by the following prompt:

WAE(config-pki-global-settings)

Within PKI global settings configuration mode, you can use PKI global settings commands to define PKI settings. To return to global configuration mode, enter exit at the PKI global settings configuration mode prompt.

Examples

The following example shows how to enter PKI global settings configuration mode:

WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# 

Related Commands

(config-pki-global-settings) ocsp

(config-pki-global-settings) revocation-check

(config-pki-global-settings) ocsp

To enter the URL to be used as the global settings for the Online Certificate Status Protocol (OCSP) protocol revocation status checking, use the ocsp global settings configurations mode command.

ocsp url http://address

Syntax Description

url http://address

URL to be used for OCSP revocation status checking.


Defaults

No default behavior or values.

Command Modes

PKI global settings configuration

Device Modes

application-accelerator

central-manager

Examples

The following example shows how to define the OCSP URL as www.myocspurl.com:

WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# ocsp url http://www.myocspurl.com

Related Commands

(config-pki-global-settings) revocation-check

(config-pki-global-settings) revocation-check

To configure the global settings revocation checking method, use the revocation-check command.

revocation-check {ocsp-cert-url | ocsp-url} [none]

Syntax Description

ocsp-cert-url

Enables Online Certificate Status Protocol (OCSP) revocation status checking using the CA server URL defined in the CA certificate.

ocsp-url

Enables OCSP revocation status checking using the URL defined for the global OCSP settings.

none or null

Specifies a revocation check null method that returns revocation.


Defaults

No default behavior or values.

Command Modes

PKI global settings configuration

Device Modes

application-accelerator

central-manager

Examples

The following example shows how to configure the global revocation checking to use the URL defined in the global OCSP settings:

WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# revocation-check ocsp-url

The following example shows how to configure the global revocation checking use the URL defined in the global OCSP settings as the first method, and to use no checking as the second method:

WAE(config)# crypto pki global-settings
WAE(config-pki-global-settings)# revocation-check ocsp-url none

Related Commands

(config-pki-global-settings) ocsp