Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for Transport Layer Security (TLS) connections to remote Syslog servers.
syslog | Specifies configuring the remote Syslog target. |
tls | Specifies Transport Layer Security (TLS). |
ocsp | Specifies configuring OCSP for real-time certificate revocation status checking. |
signer | Specifies the OCSP signer that signs the OCSP response. |
ocsp-nocheck | Specifies the extension id-pkix-ocsp-nocheck. If present in the OCSP signer's certificate, then it is trusted for its lifetime. |
on | Specifies to override the id-pkix-ocsp-nocheck extension in the OCSP signer's certificate and forces the extension as if it is present. |
off | Specifies to behave per the extension's precense in the OCSP signer's certificate. If not present and the OCSP signer is not root CA, then the whole OCSP will fail (default). |
Off.
The following example enables OCSP signer's nocheck for TLS connections to a remote Syslog server.
# configure syslog tls ocsp signer ocsp-nocheck on
This command was first available in ExtremeXOS 32.1.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.