With this setting you enable the real-time check of a X.509 certificate via OCSP, which checks the validity of the remote station's certificate. In order to use the OCSP check for individual VPN connections, you must first enable the global OCSP client for VPN connections and then create profile lists of the valid certificate authorities used by the device to perform the real-time check.
Note: Please note that the check via OCSP only checks the locking status of a certificate, but it does not check the mathematical correctness of its signature, validity period, or other usage restrictions.
- Telnet path:
- Possible values:
- No
- Yes
- Default:
- No