vpn certificate ocsp-server
Use this command to configure an Online Certificate Status Protocol (OCSP) server for certificate revocation checking. You can also specify the action to take if the server is not available.
config vpn certificate ocsp-server
    edit {name}
    # OCSP server configuration.
        set name {string}   OCSP server entry name. size[35]
        set url {string}   OCSP server URL. size[127]
        set cert {string}   OCSP server certificate. size[127] - datasource(s): vpn.certificate.remote.name,vpn.certificate.ca.name
        set secondary-url {string}   Secondary OCSP server URL. size[127]
        set secondary-cert {string}   Secondary OCSP server certificate. size[127] - datasource(s): vpn.certificate.remote.name,vpn.certificate.ca.name
        set unavail-action {revoke | ignore}   Action when server is unavailable (revoke the certificate or ignore the result of the check).
                revoke    Revoke certificate if server is unavailable.
                ignore    Ignore OCSP check if server is unavailable.
        set source-ip {ipv4 address}   Source IP address for communications to the OCSP server.
    next
end
url <ocsp-url>
URL of the OCSP server.
cert <name>
The OCSP server public certificate (one of the remote certificates).
secondary-url <url>
Secondary URL of the OCSP server.
secondary-cert <name>
Secondary public certificate of the OCSP server (one of the remote certificates).
unavail-action {revoke | ignore}
Action to take during client certificate verification when the OCSP server is unreachable: revoke the certificate (the default) or ignore the OCSP check.
source-ip <ipv4-address>
Source IP address for communications to the OCSP server.
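
The unavail-action setting decides whether revocation checking fails closed (revoke) or fails open (ignore). The following script is an added example, not part of the original reference or Fortinet tooling: it parses the ocsp-server table from a saved configuration and reports fail-open entries. The sample configuration, its entry names and URLs are constructed, and treating a missing secondary-url as a single point of failure is this example's assumption about how the secondary server is used.

```python
# Constructed sample of a saved configuration; entry names and URLs are made up.
SAMPLE_CONFIG = '''\
config vpn certificate ocsp-server
    edit "ocsp-primary"
        set url "http://ocsp1.example.test/"
        set secondary-url "http://ocsp2.example.test/"
        set unavail-action revoke
    next
    edit "ocsp-legacy"
        set url "http://ocsp.example.test/"
        set unavail-action ignore
    next
    edit "ocsp-single"
        set url "http://ocsp3.example.test/"
    next
end
'''

def parse_ocsp_servers(config_text):
    """Return {entry name: {setting: value}} for the ocsp-server table."""
    entries, current, in_table = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn certificate ocsp-server":
            in_table = True
        elif not in_table:
            continue
        elif line == "end":
            in_table = False
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return entries

def audit_ocsp_servers(config_text):
    """fail-open: check skipped on outage; single-server: outage revokes (assumed)."""
    findings = []
    for name, cfg in parse_ocsp_servers(config_text).items():
        action = cfg.get("unavail-action", "revoke")  # revoke is the documented default
        if action == "ignore":
            findings.append((name, "fail-open"))
        elif "secondary-url" not in cfg:
            findings.append((name, "single-server"))
    return findings
```

For the constructed sample, audit_ocsp_servers(SAMPLE_CONFIG) reports ocsp-legacy as fail-open and ocsp-single as single-server.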