```text
[Client Authentication Policy Policy_1 Validation Menu]
method     - Set certificate validation check method
ocspmode   - Set OCSP validation mode
staturi    - Set static URI for OCSP validation requests
stpleuri   - Set static URI for OCSP stapling requests
statsecuri - Set secondary static URI for OCSP validation requests
stplsecuri - Set secondary static URI for OCSP stapling requests
uriprior   - Set OCSP URI priority
stplepri   - Set OCSP Stapling URI priority
crluri     - Set CRL Distribution Point (CDP) URI Priority
cachtime   - Set OCSP response cache time
timedev    - Set OCSP response time deviation
algorthm   - Set allowed signing algorithm for the OCSP response
crlfile    - Set CRL file
crlgroup   - Set backup CRL Distribution Points group
gracetime  - Set CDP general grace time
interval   - Set CDP update interval
vchain     - Enable/Disable validating every CA certificate in the CA chain using OCSP
secure     - Enable/Disable secure OCSP response by sending random nonce with the request
retries    - Set number of retries to OCSP servers
cur        - Display current validity configuration
```
Command Syntax | Usage
---|---
method | Specifies the method for checking that a certificate which has already been validated as issued by a trusted entity has not been revoked. Values: none, or one of the OCSP/CRL revocation-check methods listed in the menu; two of the methods are relevant only for a Client Authentication Policy. Default: none
ocspmode [ocsp\|stapling\|both] | Specifies the OCSP validation mode. Values: ocsp (on a Server Authentication Policy, Alteon validates the server certificate against the OCSP servers); stapling (on a Server Authentication Policy, Alteon requests the OCSP status from the backend server as an OCSP staple, so it can validate the certificate received from the server without contacting the OCSP servers); both.
staturi <"URL character string"> | Specifies the static URI for OCSP validation requests.
stpleuri <"URL character string"> | Specifies the static URI for OCSP stapling validation requests.
statsecuri <"URL character string"> | Specifies the secondary static URI for OCSP validation requests.
stplsecuri <"URL character string"> | Specifies the secondary static URI for OCSP stapling validation requests.
uriprior [clientcert\|staticuri] | The OCSP access point can be configured statically (staturi) or taken from the certificate's Authority Information Access (AIA) extension. This setting defines which location is tried first for OCSP validation requests. Values: clientcert (use the location in the certificate and, if none is present, the static URI); staticuri (always use the statically configured URI). Default: clientcert
stplepri [clientcert\|staticuri] | The same choice as uriprior, applied to OCSP stapling requests (stpleuri). Values: clientcert (use the location in the certificate and, if none is present, the static URI); staticuri (always use the statically configured URI). Default: clientcert
crluri [embedded\|userdefined] | Specifies whether to first access the CDP URI carried in the certificate's CRL Distribution Points extension, or always use the locations the user defined in the CDP group (crlgroup). Values: embedded (try the certificate's CDP URI first); userdefined (always use the CDP group). Default: embedded
cachtime <0-180000> | Specifies how long, in seconds, an OCSP response is cached.
timedev <0-2678400> | Specifies the deviation, in seconds, tolerated between the Alteon clock and the timestamps in the OCSP response when the response signature is verified. Keep this small: the larger the tolerance, the more stale or post-dated a response can be and still be accepted. Default: 75
algorthm [all\|md5\|sha1\|sha256\|sha384\|sha512] | Specifies the signature hash algorithms accepted on the OCSP response. md5 and sha1 are no longer acceptable for signatures, so restrict this to sha256 or stronger unless the responder cannot do better. Default: all
crlfile | Specifies the Certificate Revocation List (CRL) file.
crlgroup | Specifies the group of CRL Distribution Points (CDPs) that Alteon contacts to retrieve the CRL file.
gracetime <0-100000> | Specifies for how long, in minutes, an expired CRL file may continue to be used. This situation arises when communication with the CDP servers fails or when the file received is already expired. Revocations published during the grace period go unseen, so keep it short.
interval <0-720000> | Specifies the interval, in minutes, at which Alteon contacts the CDP servers to download the CRL file.
vchain [disabled\|enabled] | Specifies whether every CA certificate in the chain is validated with OCSP (enabled), or only the authenticated element's (client/server) certificate (disabled). Default: disabled
secure [disabled\|enabled] | Specifies whether to verify that the status information received from the OCSP responder is fresh, that is, produced for this request, by sending a random nonce (20 random bytes) in the OCSP request. The responder must include the nonce in the response it signs with its private key, so a captured response cannot be replayed against a later request. Responders that serve pre-produced responses do not echo the nonce, so this check cannot pass against them. Default: enabled
retries <1-5> | Specifies the number of retries to the OCSP servers. Default: 3
cur | Displays the current values of all validation settings.