Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for RADIUS TLS servers.
|tls||Specifies Transport Layer Security (TLS).|
|ocsp||Specifies the OCSP attribute.|
|ocsp-nocheck||Specifies the extension id-pkix-ocsp-nocheck. If present in the OCSP signer's certificate, then it is trusted for its lifetime.|
|on||Specifies to override the id-pkix-ocsp-nocheck extension in the OCSP signer's certificate and forces the extension as if it is present.|
|off||Specifies to behave per the extension's presence in the OCSP signer's certificate. If not present and the OCSP signer is not root CA, then the whole OCSP will fail (default).|
|signer||Specifies the OCSP signer that signs the OCSP response.|
The following example enables OCSP signer's nocheck for a RADIUS TLS server.
# configure radius tls ocsp signer ocsp-nocheck on
This command was first available in ExtremeXOS 32.2.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.