configure syslog tls ocsp nonce

configure syslog tls ocsp nonce [on | off]


Enables or disables Online Certificate Status Protocol (OCSP) nonce for Transport Layer Security (TLS) connections to remote Syslog servers.

Syntax Description

syslog Specifies configuring the remote Syslog target.
tls Specifies configuring TLS.
ocsp Specifies configuring OCSP for real-time certificate revocation status checking.
nonce Specifies to cryptographically bind an OCSP request and an OCSP response with the extension id-pkix-ocsp-nonce to prevent replay attacks.
on Specifies to include the id-pkix-ocsp-nonce extension in the OCSP request and response.
off Specifies to exclude the extension (default).



Usage Guidelines


The following example configures nonce:

# configure syslog tls ocsp nonce on


This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.