Installation & Operation Manual 338 Document # LTRT-92224
Mediant 8000
33.10.8 Checking Certificate Revocation Status
X.509 certificates are normally issued for a planned lifetime, which is defined through
a validity start time and an explicit expiration date. However, various circumstances
may cause a certificate to become invalid before its expiration date. Such
circumstances include a change of name (for example, a need to change the subject
of a certificate) and compromise or suspected compromise of the CA's private key.
The Mediant 8000 uses the OCSP protocol (as defined in RFC 2560) to check the
revocation status of X.509 certificates. To configure this functionality, use the following
parameters located in the OCSP Settings tab of the Media Gateway Security Settings
screen:
Table 33-5: OCSP Server Settings

| Parameter Name | Type | Provisioning Type | Description |
|---|---|---|---|
| OCSP Mode | Enum: Enable, Disable | Instant | Enables or disables the use of the OCSP protocol to verify X.509 certificate revocation status. |
| Default OCSP Response | Enum: Reject, Allow | Instant | Defines Media Gateway behavior in the case where the OCSP responder is unreachable. Reject – reject certificate. Allow – allow certificate use. |
| Primary OCSP Server IP | IP Address | Instant | IP address of the primary OCSP server. |
| Secondary OCSP Server IP | IP Address | Instant | IP address of the secondary OCSP server. |
| OCSP Server Port | Integer, 0-65535 | Instant | TCP port of the OCSP server. |
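The following Python model is an added example, not code from the manual or from the Mediant 8000 firmware. It shows how the Table 33-5 settings combine into an accept/reject decision, in particular how Default OCSP Response decides the outcome when no responder can be reached. Assumptions: the secondary server is queried only when the primary is unreachable, any status other than "good" is rejected, the `query` hook is hypothetical, and the IP addresses and port are constructed values.

```python
# Model of the Table 33-5 settings (added example, not device firmware).
from dataclasses import dataclass
from typing import Callable

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"  # RFC 2560 CertStatus values


@dataclass
class OcspSettings:
    mode: str = "Enable"              # OCSP Mode: Enable | Disable
    default_response: str = "Reject"  # Default OCSP Response: Reject | Allow
    primary_ip: str = "192.0.2.10"    # constructed documentation addresses
    secondary_ip: str = "192.0.2.11"
    port: int = 2560                  # constructed value in 0-65535


# A responder query returns a CertStatus string, or raises OSError when the
# server cannot be reached (hypothetical transport hook for this example).
Query = Callable[[str, int, str], str]


def accept_certificate(serial: str, cfg: OcspSettings, query: Query) -> tuple[bool, str]:
    """Return (accepted, reason) for one certificate serial number."""
    if cfg.mode == "Disable":
        return True, "OCSP disabled: revocation not checked"
    for ip in (cfg.primary_ip, cfg.secondary_ip):   # assumption: primary first
        try:
            status = query(ip, cfg.port, serial)
        except OSError:
            continue                                # unreachable, try the next server
        # Assumption: only an explicit "good" answer is accepted.
        return status == GOOD, f"{ip} answered {status}"
    allowed = cfg.default_response == "Allow"
    return allowed, f"no responder reachable: Default OCSP Response={cfg.default_response}"


def make_responder(revoked: set[str], down: set[str]) -> Query:
    """Constructed stand-in for OCSP servers; `down` lists unreachable IPs."""
    def query(ip: str, port: int, serial: str) -> str:
        if ip in down:
            raise OSError(f"{ip}:{port} unreachable")
        return REVOKED if serial in revoked else GOOD
    return query
```

With both responders down, Allow accepts a certificate whose revocation status was never confirmed, while Reject refuses every certificate until a responder is reachable again, so responder availability should be monitored under either setting.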