Access: Online Certificate Status Protocol (OCSP) Client Certificate Validation
In this section, client certificate validation can be configured using OCSP.
To use the OCSP Client Certificate Validation, do the following:
Log in to your Software Appliance and open the Access page.
In the section OCSP Client Certificate Validation, a list with the interfaces is displayed.
In the column Actions click Configure to open the corresponding form:
The OCSP Responder Configuration form enables the following configurations:
The OCSP Status got three option in a scroll down menu:
Disabled: No OCSP checks.
This option disables OCSP validation of the client certificate chain.
Enabled: Activates OCSP client certificate validation.
This option enables OCSP validation of the client certificate chain. If this option is activated, the certificates in the client's certificate chain are checked with an OCSP responder after the normal check (including CRL checks) has taken place.
Enabled (Leaf-Mode): If this option is activated, only the client certificate itself will be validated.
General Settings:
Default OCSP Responder URI
AIA + custom OCSP endpoint.
This option specifies the default OCSP responder to be used. If you do not use only this OCSP responder, the specified URI is only used if no responder URI is specified in the certificate to be checked.
Use only this OCSP Responder
If this option is activated, it forces the use of the configured OCSP responder in the OCSP certificate check. This happens regardless of whether the certificate to be checked refers to an OCSP responder.
Do not verify the OCSP result
If this option is activated, it skips the OCSP responder certificates verification.
This is mostly useful when testing an OCSP server.
Click Save Configuration to confirm your setting.
Note that you cannot activate OCSP on the default interface.