OCSP part 5 – Further configuration steps

Let the world know ...Tweet about this on TwitterShare on Google+0Share on Facebook0Email this to someoneShare on LinkedIn0

After having OCSP installed, configured and having CA include OCSP information in newly emitted certificates, the basic configuration is done and you are ready to use OCSP in your environment. To make better use of OCSP, some additional configuration steps should be done, like enabling NONCE. Microsoft test client isn`t using NONCE and their test will pass, while OpenSSL uses NONCE and that test will fail. Generally, enabling it ensures you`ll have less problems with a wide range of clients.

Enable NONCE

Edit OCSP configuration properties.

Go to tab Signing and enable NONCE.

Check status

In case you get a signing certificate not available for the array controller, do a refresh of the node.

The status should be empty.

In the CA, an OCSP signing certificate must appear in the list of issued certificates.

Let the world know ...Tweet about this on TwitterShare on Google+0Share on Facebook0Email this to someoneShare on LinkedIn0

One thought on “OCSP part 5 – Further configuration steps

  1. Pingback: Online Certificate Status Protocol | It`s full of stars!

Leave a Reply

Your email address will not be published. Required fields are marked *