I am using PA2050 PanOS4.02. I also want to know is the cert if being timeout or allowed. On OSCP responder log, I can check PA2050 queries and the response to PA2050 On PA2050, as the capture, it shows the cert has been revoked. (I cannot find log for good cert though, I don"t know if PA do not log good cert events or it cannot get response) However both good or revoked cert is not allowed if the "block timeout cert" is checked. And other reason I think all cert has been timeout is PA do retry every query 3 times. So the unknown area is: 1. It looks like PA2050 timeout all revoked and good cert, but interestingly it actuallly got response from OSCP responder which able to log a revoked cert events.
... View more