OCSP part 5 – Further configuration steps
Once OCSP is installed and configured and the CA includes OCSP information in newly issued certificates, the basic configuration is done and you are ready to use OCSP in your environment. To make better use of OCSP, some additional configuration steps should be done, such as enabling NONCE. The Microsoft test client isn't using NONCE and its test will pass, while OpenSSL uses NONCE and that test will fail. Generally, enabling it ensures you'll have fewer problems with a wide range of clients.
Enable NONCE
Edit the OCSP configuration properties.
Go to the Signing tab and enable NONCE.
Check status
If the array controller reports that a signing certificate is not available, refresh the node.
The status should be empty.
In the CA, an OCSP signing certificate must appear in the list of issued certificates.
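To confirm from the client side that the responder echoes the nonce after this change, the following added example (not part of the original post) compares the nonce extension in a DER-encoded OCSP request and response, such as files saved with the `-reqout` and `-respout` options of `openssl ocsp`. The function names and the sample bytes are constructed for illustration, and the code locates the extension by its OID instead of fully parsing the messages.

```python
# Added example: check whether an OCSP response echoes the request nonce.
# Heuristic: searches for the DER-encoded nonce OID, no full ASN.1 parse.

# DER encoding of id-pkix-ocsp-nonce, OID 1.3.6.1.5.5.7.48.1.2
NONCE_OID = bytes.fromhex("06092b0601050507300102")


def read_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, content offset)."""
    if pos >= len(buf):
        raise ValueError("truncated DER")
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def ocsp_nonce(der):
    """Return the nonce extension's extnValue bytes, or None if absent."""
    pos = der.find(NONCE_OID)
    if pos < 0:
        return None
    pos += len(NONCE_OID)
    if der[pos:pos + 3] == b"\x01\x01\xff":   # optional critical=TRUE
        pos += 3
    if der[pos:pos + 1] != b"\x04":           # extnValue is an OCTET STRING
        raise ValueError("nonce extension without OCTET STRING value")
    length, start = read_len(der, pos + 1)
    if start + length > len(der):
        raise ValueError("truncated nonce value")
    return der[start:start + length]


def nonce_status(request_der, response_der):
    """Classify the exchange: not-requested, missing, match or mismatch."""
    sent, got = ocsp_nonce(request_der), ocsp_nonce(response_der)
    if sent is None:
        return "not-requested"    # client sent no nonce
    if got is None:
        return "missing"          # responder did not echo the nonce
    return "match" if sent == got else "mismatch"


def constructed_extension(nonce):
    """Build a constructed sample Extension SEQUENCE (short nonces only)."""
    inner = b"\x04" + bytes([len(nonce)]) + nonce
    body = NONCE_OID + b"\x04" + bytes([len(inner)]) + inner
    return b"\x30" + bytes([len(body)]) + body
```

A result of "mismatch" means the response was produced for a different request and should not be trusted as fresh.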