configure syslog tls ocsp nonce

configure syslog tls ocsp nonce [on | off]

Description

Enables or disables Online Certificate Status Protocol (OCSP) nonce for Transport Layer Security (TLS) connections to remote Syslog servers.

Syntax Description

syslog    Specifies configuring the remote Syslog target.
tls       Specifies configuring TLS.
ocsp      Specifies configuring OCSP for real-time certificate revocation status checking.
nonce     Specifies cryptographically binding an OCSP request and its OCSP response with the id-pkix-ocsp-nonce extension to prevent replay attacks.
on        Specifies including the id-pkix-ocsp-nonce extension in the OCSP request and response.
off       Specifies excluding the extension (default).

Default

Off.

Usage Guidelines

Example

The following example enables the OCSP nonce:

# configure syslog tls ocsp nonce on
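
The request/response binding that this option turns on, as an added Python example (not ExtremeXOS code). It parses constructed DER Extensions fragments rather than full OCSP messages; the function names, sample nonces and the policy of rejecting a response that carries no nonce are assumptions of the example.

```python
NONCE_OID = bytes.fromhex("2b0601050507300102")    # id-pkix-ocsp-nonce (1.3.6.1.5.5.7.48.1.2)
REVOKE_OID = bytes.fromhex("2b0601050507300109")   # id-pkix-ocsp-extended-revoke, an unrelated extension

def tlv(tag, body):
    """DER-encode one element; short-form lengths only, enough for these samples."""
    return bytes([tag, len(body)]) + body

def read(buf, pos=0):
    """Parse one TLV at pos and return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(body):                                # yields (tag, body) for each nested element
    pos = 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        yield tag, val

def find_nonce(extensions_der):
    """Return the nonce carried in an Extensions SEQUENCE, or None if absent."""
    _, body, _ = read(extensions_der)
    for _, ext in children(body):
        fields = list(children(ext))               # extnID, [critical], extnValue
        if fields and fields[0] == (0x06, NONCE_OID):
            return read(fields[-1][1])[1]          # extnValue wraps a DER OCTET STRING
    return None

def response_is_fresh(req_ext, resp_ext):
    """True only if the response echoes the nonce sent in the request."""
    sent, got = find_nonce(req_ext), find_nonce(resp_ext)
    return sent is not None and sent == got        # assumption: a missing nonce is rejected

def extensions(nonce=None):
    """Build a constructed Extensions blob, with or without the nonce extension."""
    exts = tlv(0x30, tlv(0x06, REVOKE_OID) + tlv(0x04, b"\x05\x00"))
    if nonce is not None:
        exts += tlv(0x30, tlv(0x06, NONCE_OID) + tlv(0x04, tlv(0x04, nonce)))
    return tlv(0x30, exts)

# Constructed samples; a real client draws a fresh random nonce for every request.
REQ_NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")
REQUEST = FRESH = extensions(REQ_NONCE)   # responder echoed the request nonce
REPLAYED = extensions(bytes(16))          # response recorded for an earlier request
NO_NONCE = extensions()                   # responder ignored the nonce
```

The comparison is only meaningful after the response signature has been verified, because the nonce sits inside the signed response data.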

History

This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.