This item defines how the device behaves if certificate evaluation fails. During connection establishment, the OCSP client first queries the OCSP responder about the validity of the certificate. If the certificate is about to expire, the OCSP client automatically repeats the query about the validity before the certificate expires.
Note: If necessary, you can log and review the results of certificate evaluation by the OCSP responder with SYSLOG, SNMP traps and relevant traces.
- Telnet path:
- Possible values:
-
- Strict: If the OCSP responder reports that the certificate used during connection establishment is not valid, the device does not establish a connection to the remote site. If during an ongoing connection the OCSP responder does not confirm a new request in good time before the certificate's expiry, the device will cut the connection.
- Loose: If the OCSP responder reports that the certificate used during connection establishment is not valid, the device will still establish a connection to the remote site. Even if during an ongoing connection the OCSP responder does not confirm a new request in good time before the certificate's expiry, the device will not cut the connection.
- Default:
- Strict
