Configure cmp-global-config

The cmp-global-config element establishes configuration that applies to all of your CMP servers, certificates and operation.

This feature is most applicable for managing deployments that include large numbers of certificates. Follow the steps below to configure the cmp-global-config:

Access the cmp-global-config configuration element.

ORACLE(cmp)# cmp-global-config
ORACLE(cmp-global-config)#

log-level: Specify the log-level for CMP. The default log-level is INFO.
- Default: INFO
- EMERGENCY
- ALERT
- CRITICAL
- ERROR
- WARNING
- NOTICE
- INFO
- DEBUG
- TRACE
renew-before-expiry: Specify the time, in days, after which the system sends renewal requests (KUR – key update request) to the CMP server to acquire a new certificate. The system sends KUR messages during the configured KUR window. If you set this value to 0, the system does not send a renewal request (KUR), and expired certificates are silently deleted from the system. If the validity period of the certificate from the CMP server is less than renew-before-expiry, the SBC rejects the certificate.
- Default: 30 days
- Range: 0 to 90 days
kur-start-time-of-day: Enter the local system time of day, in HHMM format, for the system start examining certificate records for KUR operations.
- Default: 2300
- Range: 0000 to 2400
kur-end-time-of-day: Enter the local system time of day, in HHMM format, for the system stop examining certificate records for KUR operations. The KUR window cannot cross midnight. The stop time must be later than the start time.
- Default: 2330
- Range: 0000 to 2400
Because the SBC only checks for CMP changes every five minutes, configuring a shorter KUR window is not practical. Oracle recommends configuring the window to more than ten minutes.
options: This field is a standard SBC options parameter, requiring the standard option syntax.
Type done to establish your global-cmp-config settings.
Save and Activate your configuration.