rladmin 群集 OCSP
管理 OCSP。
| Redis 企业软件 |
|---|
管理 OCSP 配置并验证由第三方证书颁发机构 (CA) 维护的服务器证书的状态。
ocsp certificate_compatible
检查代理证书是否包含 OCSP URI。
rladmin cluster ocsp certificate_compatible
Parameters
None
Returns
Returns the OCSP URI if it exists. Otherwise, it returns an error.
Example
$ rladmin cluster ocsp certificate_compatible
Success. OCSP URI is http://responder.ocsp.url.com
ocsp config
Displays or updates OCSP configuration. Run the command without the set option to display the current configuration of a parameter.
rladmin cluster ocsp config <OCSP parameter>
[set <value>]
Parameters
Parameter
Type/Value
Description
ocsp_functionality
enabled
disabled
Enables or turns off OCSP for the cluster
query_frequency
integer (range: 60-86400) (default: 3600)
The time interval in seconds between OCSP queries to check the certificate's status
recovery_frequency
integer (range: 60-86400) (default: 60)
The time interval in seconds between retries after a failed query
recovery_max_tries
integer (range: 1-100) (default: 5)
The number of retries before the validation query fails and invalidates the certificate
responder_url
string
The OCSP server URL embedded in the proxy certificate (you cannot manually set this parameter)
response_timeout
integer (range: 1-60) (default: 1)
The time interval in seconds to wait for a response before timing out
Returns
If you run the ocsp config command without the set option, it displays the specified parameter's current configuration.
Example
$ rladmin cluster ocsp config recovery_frequency
Recovery frequency of the OCSP server is 60 seconds
$ rladmin cluster ocsp config recovery_frequency set 30
$ rladmin cluster ocsp config recovery_frequency
Recovery frequency of the OCSP server is 30 seconds
ocsp status
Returns the latest cached status of the certificate's OCSP response.
rladmin cluster ocsp status
Parameters
None
Returns
Returns the latest cached status of the certificate's OCSP response.
Example
$ rladmin cluster ocsp status
OCSP certificate status is: REVOKED
produced_at: Wed, 22 Dec 2021 12:50:11 GMT
responder_url: http://responder.ocsp.url.com
revocation_time: Wed, 22 Dec 2021 12:50:04 GMT
this_update: Wed, 22 Dec 2021 12:50:11 GMT
ocsp test_certificate
Queries the OCSP server for the certificate's latest status, then caches and displays the response.
rladmin cluster ocsp test_certificate
Parameters
None
Returns
Returns the latest status of the certificate's OCSP response.
Example
$ rladmin cluster ocsp test_certificate
Initiating a query to OCSP server
...OCSP certificate status is: REVOKED
produced_at: Wed, 22 Dec 2021 12:50:11 GMT
responder_url: http://responder.ocsp.url.com
revocation_time: Wed, 22 Dec 2021 12:50:04 GMT
this_update: Wed, 22 Dec 2021 12:50:11 GMT
On this page