For Cisco Packet Data Gateway (PDG)
IPSec Certificates
Online Certificate Status Protocol (OCSP)
IPSec Reference, StarOS Release 17
Revoked OCSP Response
Figure 24. Call Flow: Revoked OCSP Response
In this case, fallback to CRL would be implemented for validating the user certificate. If this fails, the IKE_AUTH is
aborted and a notification message is sent indicating authentication failure.
External Interface
The interaction between the OCSP client and the OCSP responder occurs over HTTP. A TCP socket connection is established to the
OCSP responder. This connection is taken down once the OCSP response is received. The connection is also taken
down as part of the cleanup after the setup timer expires.
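The connection lifecycle described above, as an added example (not from the Cisco document or StarOS code): a Python client that opens one TCP connection per OCSP query, sends the request over HTTP, and closes the socket both when the response arrives and when the setup timer expires. The function names, the use of POST with the `application/ocsp-request` media type from RFC 6960, the loopback mock responder, the placeholder request/response bytes and the timer values are assumptions made for illustration.

```python
import socket, threading, time
# Constructed placeholder bytes; real traffic carries DER OCSPRequest/OCSPResponse.
SAMPLE_REQUEST = SAMPLE_RESPONSE = b"\x30\x03\x0a\x01\x00"

def ocsp_query(host, port, der_request, setup_timer=2.0):
    """Returns ("response", body), ("http_error", b"") or ("timer_expired", b"")."""
    deadline = time.monotonic() + setup_timer     # one timer covers the whole exchange
    head = ("POST / HTTP/1.0\r\nHost: %s\r\nContent-Type: application/ocsp-request\r\n"
            "Content-Length: %d\r\n\r\n" % (host, len(der_request))).encode()
    sock = None
    try:
        sock = socket.create_connection((host, port), timeout=setup_timer)
        sock.sendall(head + der_request)
        raw = b""
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise socket.timeout("setup timer expired")
            sock.settimeout(remaining)
            chunk = sock.recv(4096)
            if not chunk:               # responder closed: response is complete
                break
            raw += chunk
        status, _, body = raw.partition(b"\r\n\r\n")
        ok = status.split(b" ")[1:2] == [b"200"]
        return ("response", body) if ok else ("http_error", b"")
    except socket.timeout:
        return "timer_expired", b""
    finally:
        if sock is not None:
            sock.close()                # taken down on response and on timer expiry

def start_mock_responder(delay=0.0):
    """Loopback stand-in for a responder; answers one request after `delay` seconds."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        with srv, srv.accept()[0] as conn:
            buf = b""
            while not buf.endswith(SAMPLE_REQUEST) and (chunk := conn.recv(4096)):
                buf += chunk
            time.sleep(delay)
            try:
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: "
                             b"application/ocsp-response\r\n\r\n" + SAMPLE_RESPONSE)
            except OSError:
                pass                    # client already tore the connection down
    threading.Thread(target=serve, daemon=True).start()
    return port
```

The deadline is computed once before connecting, so a responder that accepts the connection but stalls cannot hold the socket open past the setup timer.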