search cancel

Meaning of the SSLV remote session log Certificate Status codes

book

Article ID: 189878

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

When sending SSLV Session logs to a remote syslog server the Certificate Status is reported as a series of codes, for example; V|EC|EU|OG. 

Resolution

The meaning of these codes are listed below.

Certificate Status
R  = Revoked
P  = Invalid Purpose
IC = Incomplete Chain
II = Invalid Issuer
IS = Invalid Signature
SS = Self Signed
EXT = Unsupported Critical Extension
CRL = CRL Error
WK = Weak Key < 512 bits
EX = Expired
NY = Not Valid Yet
V = Valid

Cache Information
CC = Completed Chain Using Cache
EC = Endpoint_from_cache
EU = Endpoint_unique_in_cache

Stapled OCSP Validation
OG = VALIDITY_GOOD
OER = ERROR_RESPONDER
OEX = VALIDITY_EXPIRED
OESF = ERROR_SIGNATURE_VERIFY_FAIL
ORS = VALIDITY_REVOKED_SUPERSEDED
ORC = VALIDITY_REVOKED_CESSATION
ORU = VALIDITY_REVOKED_UNKNOWN
OENM = ERROR_NO_MATCH