Does VIA support validation of the Revocation Status of a Peer Certificate using OCSP?

Aruba Employee
Q:

Does VIA support validation of the Revocation Status of a Peer Certificate using OCSP?



A:

Yes. From VIA 2.3, it performs a revocation check of the server certificate exchanged during IKE negotiation and
the EAP-TLS exchange, using the Online Certificate Status Protocol (OCSP). VIA extracts the OCSP responder
information from the certificate being checked. If OCSP responder information is unavailable in the certificate,
the revocation check is skipped. We can enable the OCSP revocation check through the VIA connection profile:

aaa authentication via connection-profile "default"
  ocsp-responder ike-url "OCSP URL embedded in the certificate example: http://ocsp.usertrust.com "
  ocsp-responder eap-url "OCSP URL embedded in the certificate example: http://ocsp.usertrust.com "

  
  
We can also define whether the VIA connection should be allowed when the OCSP status cannot be determined for some reason:

aaa authentication via connection-profile "default"
 ocsp-responder fallback accept
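
Because VIA takes the responder from the certificate and skips the check when none is present, it helps to confirm which server certificates carry an OCSP responder URL in their Authority Information Access extension. The script below is an added example, not part of the original article; it assumes the `openssl` CLI is installed, and the host name, URL and generated test certificates are constructed.

```shell
#!/bin/sh
# Added example: audit certificates for an embedded OCSP responder URL.

# Print the OCSP responder URL(s) from the certificate's AIA extension.
# Returns 1 if the certificate carries none, 2 if it cannot be parsed.
ocsp_url_of() {
    url=$(openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null) || return 2
    [ -n "$url" ] || return 1
    printf '%s\n' "$url"
}

# One verdict per certificate; exit status mirrors ocsp_url_of.
via_ocsp_report() {
    code=0
    found=$(ocsp_url_of "$1") || code=$?
    case $code in
        0) printf '%s: OCSP responder %s\n' "$1" "$found" ;;
        1) printf '%s: no OCSP responder URL, revocation check would be skipped\n' "$1" ;;
        *) printf '%s: not a readable certificate\n' "$1" ;;
    esac
    return "$code"
}

# Constructed test input: self-signed cert, with AIA only if a URL is given.
make_sample_cert() {
    work=$(mktemp -d) || return 1
    {
        printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n'
        printf '[dn]\nCN=via-gw.example.test\n[ext]\nbasicConstraints=CA:FALSE\n'
        if [ -n "${2:-}" ]; then printf 'authorityInfoAccess=OCSP;URI:%s\n' "$2"; fi
    } > "$work/req.cnf"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$work/req.cnf" -keyout "$work/key.pem" -out "$1" 2>/dev/null
    made=$?
    rm -rf "$work"
    return "$made"
}

# Check the PEM files given as arguments, or run on two constructed certs.
if [ "$#" -gt 0 ]; then
    for cert in "$@"; do via_ocsp_report "$cert" || true; done
else
    demo=$(mktemp -d)
    make_sample_cert "$demo/with-aia.pem" "http://ocsp.example.test"
    make_sample_cert "$demo/no-aia.pem"
    via_ocsp_report "$demo/with-aia.pem" || true
    via_ocsp_report "$demo/no-aia.pem" || true
    rm -rf "$demo"
fi
```

Run it against the IKE and EAP-TLS server certificates; a certificate reported without a responder URL is one for which the check described above would not run.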

Version history: revision 2 of 2, last update 11-25-2015 04:08 PM