Enables or disables the Online Certificate Status Protocol (OCSP) nonce for SSH2 x509v3 authentication.
| Keyword | Description |
| --- | --- |
| x509v3 | Specifies x509v3 certificate-based authentication. |
| ocsp | Specifies OCSP configuration for real-time certificate revocation status checking. |
| nonce | Specifies that an OCSP request and its OCSP response are cryptographically bound with the id-pkix-ocsp-nonce extension to prevent replay attacks. |
| on | Specifies that the id-pkix-ocsp-nonce extension is included in the OCSP request and response. |
| off | Specifies that the extension is excluded (default). |
The default is off.
The following example enables the OCSP nonce:
# configure ssh2 x509v3 ocsp nonce on
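The replay check that the nonce makes possible, shown as an added example that is not ExtremeXOS code or part of the original reference: it DER-encodes the id-pkix-ocsp-nonce extension for a request and accepts a response only if it echoes the same nonce. The function names are hypothetical, and rejecting a response that carries no nonce is an assumption of this example, not documented switch behavior.

```python
import hmac
import os

# DER encoding of the id-pkix-ocsp-nonce OID, 1.3.6.1.5.5.7.48.1.2
NONCE_OID = bytes.fromhex("06092b0601050507300102")

def tlv(tag: int, value: bytes) -> bytes:
    """DER TLV with a short-form length (enough for a nonce extension)."""
    if len(value) > 127:
        raise ValueError("long-form DER lengths are not handled here")
    return bytes([tag, len(value)]) + value

def nonce_extension(nonce: bytes) -> bytes:
    """SEQUENCE { extnID, extnValue OCTET STRING { Nonce OCTET STRING } }."""
    return tlv(0x30, NONCE_OID + tlv(0x04, tlv(0x04, nonce)))

def read_nonce(extension: bytes):
    """Return the nonce in a non-critical nonce extension, else None."""
    if len(extension) < 2 or extension[0] != 0x30 or extension[1] != len(extension) - 2:
        return None
    body = extension[2:]
    if not body.startswith(NONCE_OID):
        return None
    outer = body[len(NONCE_OID):]            # extnValue OCTET STRING
    if len(outer) < 4 or outer[0] != 0x04 or outer[1] != len(outer) - 2:
        return None
    inner = outer[2:]                        # Nonce OCTET STRING
    if inner[0] != 0x04 or inner[1] != len(inner) - 2:
        return None
    return inner[2:]

def response_is_fresh(sent_nonce: bytes, response_extension: bytes) -> bool:
    """Accept only a response that echoes the nonce sent in this request."""
    got = read_nonce(response_extension)
    return got is not None and hmac.compare_digest(got, sent_nonce)

def demo() -> dict:
    old_nonce = os.urandom(16)               # nonce of an earlier request
    recorded = nonce_extension(old_nonce)    # constructed stand-in for a recorded response
    new_nonce = os.urandom(16)               # nonce of the current request
    return {
        "fresh": response_is_fresh(new_nonce, nonce_extension(new_nonce)),
        "replayed": response_is_fresh(new_nonce, recorded),
        "no_nonce": response_is_fresh(new_nonce, b""),
    }

if __name__ == "__main__":
    print(demo())
```

With the nonce off, nothing in the response ties it to a particular request, so the `replayed` case cannot be told apart from the `fresh` one by this check.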
This command was first available in ExtremeXOS 32.2.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X690, and X695 series switches.