ocsp disable-nonce
Syntax
ocsp disable-nonce
no ocsp disable-nonce
Description
Configures exclusion of the nonce from OCSP requests. A nonce is a unique identifier that an OCSP client inserts in an OCSP request and expects the OCSP responder to include in the corresponding OCSP response. The nonce mechanism helps prevent replay attacks in which a malicious player attempts to masquerade as the OCSP responder. Although the nonce is included by default, it can be excluded. Some OCSP responders choose not to support the use of the nonce due to performance considerations.
The no form of this command re-enables nonce inclusion in OCSP requests.
Command context
config-ta-<TA-NAME>
Authority
Administrators or local user group members with execution rights for this command.
Examples
Disable inclusion of the nonce in OCSP requests for TA profile root-cert:
switch(config)# crypto pki ta-profile root-cert
switch(config-ta-root-cert)# ocsp disable-nonce
Enable inclusion of the nonce in OCSP requests for TA profile root-cert:
switch(config)# crypto pki ta-profile root-cert
switch(config-ta-root-cert)# no ocsp disable-nonce
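The nonce check described under Description, as an added illustration that is not part of the original reference and not the switch's implementation: a small Python model of why a captured response is rejected when the nonce is enabled but stays acceptable until its validity window ends when the nonce is disabled. The HMAC stand-in for the responder's signature, the function names, the strict rejection of a missing nonce, and all timestamps and serial numbers are assumptions constructed for this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the responder's signature

@dataclass(frozen=True)
class Response:
    serial: int
    status: str               # "good" or "revoked"
    this_update: int          # start of validity window (seconds)
    next_update: int          # end of validity window (seconds)
    nonce: Optional[bytes]    # echoed request nonce, or None
    sig: bytes

def _mac(serial, status, this_update, next_update, nonce):
    body = f"{serial}|{status}|{this_update}|{next_update}|".encode() + (nonce or b"")
    return hmac.new(KEY, body, hashlib.sha256).digest()

def respond(serial, status, now, validity, nonce=None):
    """Hypothetical responder: signs the status and echoes the nonce if given."""
    return Response(serial, status, now, now + validity, nonce,
                    _mac(serial, status, now, now + validity, nonce))

def client_accepts(resp, serial, now, sent_nonce):
    """Hypothetical client check; sent_nonce=None models 'ocsp disable-nonce'."""
    good_sig = hmac.compare_digest(
        resp.sig, _mac(resp.serial, resp.status, resp.this_update, resp.next_update, resp.nonce))
    in_window = resp.this_update <= now <= resp.next_update
    if not (good_sig and resp.serial == serial and in_window):
        return False
    if sent_nonce is None:
        return True           # only the validity window limits reuse
    return resp.nonce is not None and hmac.compare_digest(resp.nonce, sent_nonce)

def replay_demo():
    t0, validity, serial = 1_000, 3_600, 0x1001   # constructed values
    old_with_nonce = respond(serial, "good", t0, validity, os.urandom(16))
    old_without = respond(serial, "good", t0, validity)
    later = t0 + 900          # certificate assumed revoked before this time
    fresh = os.urandom(16)
    return {
        "enabled_replay": client_accepts(old_with_nonce, serial, later, fresh),
        "disabled_replay": client_accepts(old_without, serial, later, None),
        "disabled_expired": client_accepts(old_without, serial, t0 + validity + 1, None),
        "enabled_fresh": client_accepts(
            respond(serial, "revoked", later, validity, fresh), serial, later, fresh),
    }
```

With the nonce disabled, the responder's validity window is the only bound on how long an old "good" response can be reused, so short windows and accurate time on the switch matter more in that configuration.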