configure radius tls ocsp nonceNEW!

configure radius tls ocsp nonce [on | off]

Description

Enables or disables Online Certificate Status Protocol (OCSP) nonce for RADIUS TLS servers.

Syntax Description

tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
nonce Specifies to cryptographically bind an OCSP request and an OCSP response with the extension id-pkix-ocsp-nonce to prevent replay attacks.
on Specifies to include the id-pkix-ocsp-nonce extension in the OCSP request and response.
off Specifies to exclude the extension (default).

Default

Off.

Usage Guidelines

Example

The following example configures nonce:

# configure radius tls ocsp nonce on

History

This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.