White Papers
NOTE: A CA certicate can also be
revoked.
Verifying Server certicates
Verifying that server certicates are mandatory in the TLS protocol.
As a result, all TLS-enabled applications require certicate verication, including Syslog servers. The system checks the Server certicates
against installed CA certicates.
Verifying client certicates
Verifying that client certicates are optional in the TLS protocol and is not explicitly required by Common Criteria.
However, TLS-protected Syslog and RADIUS protocols mandate that certicate-based mutual authentication be performed.
Event logging
The system logs the following events:
• A CA certicate is installed or deleted.
• A self-signed certicate and private key are generated.
• An existing host certicate, a private key, or both are deleted.
• A host certicate is installed successfully.
• An installed certicate (host certicate or CA certicate) is within seven days of expiration. This alert is repeated periodically.
• An OCSP request is not answered with an OCSP response.
• A secure session negotiation fails due to invalid, expired, or revoked certicate.
X.509v3
1147