configure syslog tls ocsp signer

configure syslog tls ocsp signer ocsp-nocheck [on | off]

Description

Enables or disables ocsp-nocheck for the Online Certificate Status Protocol (OCSP) signer on Transport Layer Security (TLS) connections to remote Syslog servers.

Syntax Description

syslog Specifies configuring the remote Syslog target.
tls Specifies Transport Layer Security (TLS).
ocsp Specifies configuring OCSP for real-time certificate revocation status checking.
signer Specifies the OCSP signer that signs the OCSP response.
ocsp-nocheck Specifies the extension id-pkix-ocsp-nocheck. If the extension is present in the OCSP signer's certificate, the signer's certificate is trusted for its lifetime.
on Overrides the id-pkix-ocsp-nocheck extension in the OCSP signer's certificate and treats the extension as if it is present.
off Behaves according to the extension's presence in the OCSP signer's certificate. If the extension is not present and the OCSP signer is not the root CA, the whole OCSP check fails (default).

Default

Off.

Usage Guidelines

Example

The following example enables the OCSP signer's ocsp-nocheck for TLS connections to a remote Syslog server.

# configure syslog tls ocsp signer ocsp-nocheck on
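
Whether the default (off) will reject an OCSP responder depends on whether its certificate carries id-pkix-ocsp-nocheck. The following Python is an added example, not ExtremeXOS code or part of the original page: it walks a DER certificate for that extension and models the on/off rule from the syntax description. The function names, the rule model, and the skeleton sample certificates are constructed assumptions.

```python
# id-pkix-ocsp-nocheck is OID 1.3.6.1.5.5.7.48.1.5 (RFC 6960); these are its DER content bytes.
OCSP_NOCHECK_OID = bytes.fromhex("2b0601050507300105")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def has_ocsp_nocheck(cert_der):
    """True if the certificate's extensions include id-pkix-ocsp-nocheck."""
    _, cert, _ = read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))               # tbsCertificate is the first field
    for tag, val in children(tbs):
        if tag == 0xA3:                         # [3] EXPLICIT Extensions
            _, ext_list = next(children(val))
            # extnID is the first field of every Extension
            return any(next(children(ext), (0, b""))[1] == OCSP_NOCHECK_OID
                       for _, ext in children(ext_list))
    return False                                # certificate has no extensions block

def nocheck_rule_passes(cert_der, signer_is_root_ca, override_on):
    """Model of the on/off rule in the syntax description (assumption, not switch code)."""
    # "on" acts as if the extension is present; "off" needs the extension or a root CA signer.
    return override_on or has_ocsp_nocheck(cert_der) or signer_is_root_ca

# --- constructed sample input: skeleton certificates, not real ones ---
def der(tag, *parts):
    body = b"".join(parts)                      # short-form lengths are enough here
    return bytes([tag, len(body)]) + body

def sample_cert(with_nocheck):
    eku = der(0x30, der(0x06, bytes.fromhex("551d25")),       # extendedKeyUsage
              der(0x04, der(0x30, der(0x06, bytes.fromhex("2b06010505070309")))))
    nocheck = der(0x30, der(0x06, OCSP_NOCHECK_OID), der(0x04, b"\x05\x00"))
    exts = der(0xA3, der(0x30, eku, nocheck if with_nocheck else b""))
    empty = der(0x30)                           # placeholder for names, validity, key
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"),
              empty, empty, empty, empty, empty, exts)
    return der(0x30, tbs, empty, der(0x03, b"\x00"))
```

For a real responder certificate in PEM form, convert it with `ssl.PEM_cert_to_DER_cert()` from the Python standard library and pass the result to `has_ocsp_nocheck()`.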

History

This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.