Inserted or changed with LCOS 8.50
This item defines how the device behaves if certificate evaluation fails. During connection establishment, the OCSP client first queries the OCSP responder about the validity of the certificate.If the certificate is about to expire, the OCSP client automatically repeats the query about the validity before the certificate expires.
Telnet path: /Setup/Certificates/OCSP-Client/Ca-Profile-Table
Possible values:
- Strict: The device will block connection establishment if the OCSP responder answers requests for the certificate used during connection establishment in one of the following ways:
- The OSCP responder does not answer
- The OSCP responder responds that the certificate is unknown
- The OSCP responder recognizes the certificate and marks it as revoked
- Loose: The device will block connection establishment if the OCSP responder answers requests for the certificate used during connection establishment in one of the following ways:
- The OSCP responder does not answer
- The OSCP responder responds that the certificate is unknown
Default: Strict
Anmerkung: If necessary, you can log and review the results of certificate evaluation by the OCSP responder with SYSLOG, SNMP traps and relevant traces.