configure ssh2 x509v3 ocsp signer

configure ssh2 x509v3 ocsp signer ocsp-nocheck [on | off]


Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for SSH2 x509v3 authentication.

Syntax Description

x509v3 Specifies x509v3 certificate-based authentication.
ocsp Specifies configuring OCSP for real-time certificate revocation status checking.
ocsp-nocheck Specifies the extension id-pkix-ocsp-nocheck. If present in the OCSP signer's certificate, then it is trusted for its lifetime.
on Specifies to override the id-pkix-ocsp-nocheck extension in the OCSP signer's certificate and forces the extension as if it is present.
off Specifies to behave per the extension's presence in the OCSP signer's certificate. If not present and the OCSP signer is not root CA, then the whole OCSP will fail (default).
signer Specifies the OCSP signer that signs the OCSP response.



Usage Guidelines


The following example enables OCSP signer's ocsp-nocheck for a SSH2 x509v3 server.

# configure ssh2 x509v3 ocsp signer ocsp-nocheck on


This command was first available in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.