Verifying Server Certificates; Verifying Client Certificates; Event Logging - Dell S6100 Configuration Manual

Verifying Server certificates

Verifying server certificates is mandatory in the TLS protocol.
As a result, all TLS-enabled applications require certificate verification, including Syslog servers. The system checks the Server certificates
against installed CA certificates.
NOTE: As part of the certificate verification, the hostname or IP address of the server is verified against the hostname or IP
address specified in the application. For example, when using SYSLOG over TLS, the hostname or IP address specified in the
logging syslog-server secure port port-number command is compared against the SubjectAltName or Common
Name field in the server certificate.

Verifying Client Certificates

Verifying client certificates is optional in the TLS protocol and is not explicitly required by Common Criteria.
However, TLS-protected Syslog and RADIUS protocols mandate that certificate-based mutual authentication be performed.

Event logging

The system logs the following events:
• A CA certificate is installed or deleted.
• A self-signed certificate and private key are generated.
• An existing host certificate, a private key, or both are deleted.
• A host certificate is installed successfully.
• An installed certificate (host certificate or CA certificate) is within seven days of expiration. This alert is repeated periodically.
• An OCSP request is not answered with an OCSP response.
• A secure session negotiation fails due to invalid, expired, or revoked certificate.
X.509v3 1081