configure ssh2 x509v3 ocsp nonce

configure ssh2 x509v3 ocsp nonce [on | off]

Description

Enables or disables the Online Certificate Status Protocol (OCSP) nonce for SSH2 x509v3 authentication.

Syntax Description

x509v3    Specifies x509v3 certificate-based authentication.
ocsp      Specifies configuring OCSP for real-time certificate revocation status checking.
nonce     Specifies that each OCSP request is cryptographically bound to its OCSP response with the id-pkix-ocsp-nonce extension, to prevent replay attacks.
on        Specifies that the id-pkix-ocsp-nonce extension is included in the OCSP request and response.
off       Specifies that the extension is excluded (default).

Default

Off.

Usage Guidelines

Example

The following example enables the OCSP nonce:

# configure ssh2 x509v3 ocsp nonce on
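
The replay protection that the nonce option provides can be seen in the following Python sketch, which is an added illustration and not ExtremeXOS code. It DER-encodes the id-pkix-ocsp-nonce extension (RFC 6960) and accepts a response only if it echoes the request's nonce. All function names are hypothetical, and rejecting a response with a missing or malformed nonce is an assumption of this sketch, not documented switch behavior.

```python
import hmac

NONCE_OID = bytes.fromhex("06092b0601050507300102")  # id-pkix-ocsp-nonce, 1.3.6.1.5.5.7.48.1.2

def der_tlv(tag, value):
    """Encode one DER tag-length-value (short or long length form)."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes
        count = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def build_nonce_extension(nonce):
    """SEQUENCE { extnID, extnValue OCTET STRING { OCTET STRING nonce } }."""
    return der_tlv(0x30, NONCE_OID + der_tlv(0x04, der_tlv(0x04, nonce)))

def extract_nonce(ext):
    """Return the nonce from an id-pkix-ocsp-nonce Extension, else None."""
    tag, body, _ = read_tlv(ext)
    if tag != 0x30 or not body.startswith(NONCE_OID):
        return None
    tag, value, pos = read_tlv(body, len(NONCE_OID))
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        return None
    tag, nonce, _ = read_tlv(value)
    return nonce if tag == 0x04 else None

def response_matches_request(request_nonce, response_ext):
    """Accept only a response that echoes the nonce sent in the request."""
    try:  # assumption of this sketch: a missing or malformed nonce is rejected
        got = extract_nonce(response_ext) if response_ext else None
    except (IndexError, ValueError):
        return False
    return got is not None and hmac.compare_digest(got, request_nonce)

sent = bytes(range(16))  # constructed sample; a real client draws this from a CSPRNG
assert response_matches_request(sent, build_nonce_extension(sent))
assert not response_matches_request(sent, build_nonce_extension(bytes(16)))  # replayed
```

With the nonce off, nothing in the response ties it to a particular request, so a previously captured response cannot be told apart from a fresh one by this check.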

History

This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.