Cisco Cisco Packet Data Gateway (PDG)
IPSec Certificates
Online Certificate Status Protocol (OCSP) ▀
IPSec Reference, StarOS Release 16 ▄
123
In IKE exchange (During the AUTH phase) the remote certificate is present in the CERT payload of the IKE message.
Figure 22. OCSP Status Request
The security gateway passes this certificate along with its issuer certificate (trusted by security gateway) to the OCSP
responder. IKE exchange is suspended (after step 3) until the response from the OCSP responder arrives. The OCSP
request is initiated only when the presented certificate has the OCSP responder URL. If the URL is absent the OCSP
request is not initiated.
responder. IKE exchange is suspended (after step 3) until the response from the OCSP responder arrives. The OCSP
request is initiated only when the presented certificate has the OCSP responder URL. If the URL is absent the OCSP
request is not initiated.
If an OCSP response fails or if there is any error while contacting the responder, the certificate is validated with the
CRL. Authentication is failed if an error is encountered while verifying with OCSP and or via a Certificate Revocation
List (CRL).
CRL. Authentication is failed if an error is encountered while verifying with OCSP and or via a Certificate Revocation
List (CRL).