Administrator Guide
Verifying Client Certificates
Verifying client certificates is optional in the TLS protocol and is not explicitly required by Common Criteria.
However, TLS-protected Syslog and RADIUS protocols mandate that certificate-based mutual authentication be performed.
Event logging
The system logs the following events:
● A CA certificate is installed or deleted.
● A self-signed certificate and private key are generated.
● An existing host certificate, a private key, or both are deleted.
● A host certificate and private key are installed successfully.
● An installed certificate (host certificate or CA certificate) is within seven days of expiration. This alert is repeated
periodically.
● An OCSP request is not answered with an OCSP response.
● A secure session negotiation fails due to invalid, expired, or revoked certificate.
X.509v3 1043