Meaning of the SSLV remote session log Certificate Status codes
Article ID: 189878
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
When sending SSLV Session logs to a remote syslog server the Certificate Status is reported as a series of codes, for example; V|EC|EU|OG.
Resolution
The meaning of these codes are listed below.
Certificate Status
II = Invalid Issuer
IS = Invalid Signature
SS = Self Signed
EXT = Unsupported Critical Extension
CRL = CRL Error
WK = Weak Key < 512 bits
EX = Expired
NY = Not Valid Yet
V = Valid
Cache Information
CC = Completed Chain Using Cache
EC = Endpoint_from_cache
EU = Endpoint_unique_in_cache
Stapled OCSP Validation
OG = VALIDITY_GOOD
OER = ERROR_RESPONDER
OEX = VALIDITY_EXPIRED
OESF = ERROR_SIGNATURE_VERIFY_FAIL
ORS = VALIDITY_REVOKED_SUPERSEDED
ORC = VALIDITY_REVOKED_CESSATION
ORU = VALIDITY_REVOKED_UNKNOWN
OENM = ERROR_NO_MATCH
Certificate Status
R = Revoked
P = Invalid Purpose
IC = Incomplete ChainP = Invalid Purpose
II = Invalid Issuer
IS = Invalid Signature
SS = Self Signed
EXT = Unsupported Critical Extension
CRL = CRL Error
WK = Weak Key < 512 bits
EX = Expired
NY = Not Valid Yet
V = Valid
Cache Information
CC = Completed Chain Using Cache
EC = Endpoint_from_cache
EU = Endpoint_unique_in_cache
Stapled OCSP Validation
OG = VALIDITY_GOOD
OER = ERROR_RESPONDER
OEX = VALIDITY_EXPIRED
OESF = ERROR_SIGNATURE_VERIFY_FAIL
ORS = VALIDITY_REVOKED_SUPERSEDED
ORC = VALIDITY_REVOKED_CESSATION
ORU = VALIDITY_REVOKED_UNKNOWN
OENM = ERROR_NO_MATCH
Feedback
Yes
No
Powered by
