Enables or disables the Online Certificate Status Protocol (OCSP) nonce for SSH2 x509v3 authentication.
|x509v3||Specifies x509v3 certificate-based authentication.|
|ocsp||Specifies configuring OCSP for real-time certificate revocation status checking.|
|nonce||Specifies to cryptographically bind an OCSP request and an OCSP response with the extension id-pkix-ocsp-nonce to prevent replay attacks.|
|on||Specifies to include the id-pkix-ocsp-nonce extension in the OCSP request and response.|
|off||Specifies to exclude the extension (default).|
The following example configures nonce:
# configure ssh2 x509v3 ocsp nonce on
This command was first available in ExtremeXOS 32.2.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.