jct-undetermined-revocation-cert-action

jct-undetermined-revocation-cert-action

jct-undetermined-revocation-cert-action = {ignore | log | reject}

Description

Controls the action that WebSEAL takes if OCSP or CRL is enabled but the responder cannot determine the revocation status of a certificate (that is, the revocation status is unknown). The appropriate values for this entry should be provided by the OCSP or CRL Responder owner.
Options

ignore WebSEAL ignores the undetermined revocation status and permits use of the certificate.
log WebSEAL logs the fact the certificate status is undetermined and permits use of the certificate.
reject WebSEAL logs the fact the certificate status is undetermined and rejects the certificate.

Usage:
This stanza entry is optional.
Default:
log
Example:
jct-undetermined-revocation-cert-action = log

Parent topic: [junction] stanza

ignore	WebSEAL ignores the undetermined revocation status and permits use of the certificate.
log	WebSEAL logs the fact the certificate status is undetermined and permits use of the certificate.
reject	WebSEAL logs the fact the certificate status is undetermined and rejects the certificate.