undetermined-revocation-cert-action

undetermined-revocation-cert-action

undetermined-revocation-cert-action = {ignore | log | reject}

Description

Controls the action that WebSEAL takes if OCSP or CRL is enabled but the responder cannot determine the revocation status of a certificate (that is, the revocation status is unknown). The appropriate values for this entry should be provided by the OCSP or CRL Responder owner.
Options

ignore WebSEAL ignores the undetermined revocation status and permits use of the certificate.
log WebSEAL logs the fact the certificate status is undetermined and permits use of the certificate.
reject WebSEAL logs the fact the certificate status is undetermined and rejects the certificate.

Usage:
This stanza entry is required.
Default:
The option defaults to ignore if it is not specified in the configuration file. The value for this option in the template configuration file is log.
Example:
undetermined-revocation-cert-action = log

Parent topic: [ssl] stanza

ignore	WebSEAL ignores the undetermined revocation status and permits use of the certificate.
log	WebSEAL logs the fact the certificate status is undetermined and permits use of the certificate.
reject	WebSEAL logs the fact the certificate status is undetermined and rejects the certificate.