Online Certificate Status Protocol, or short: OCSP, let you obtain the revocation status of a certificate. It has some benefits over certification revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the Read more…
After having the OCSP service installed and configured, the CA must be made aware of the service. Only after this, new emitted certificates by the CA will include the OCSP information. This means that you can run a OCSP service without having it included in the client certificates. In that Read more…
For the CA to be able to use OCSP, read permission to the private key must be given. Add Read permissions to Network Service on the private key Open the Certificate Templates snap-in. Select the OCSP Response Signing template. Right-click it and click on properties. Go to tab security. Click Read more…
A good TLS setup includes providing a complete certificate chain to your clients. This means that your web server is sending out all certificates needed to validate its certificate, except the root certificate. This is best practice and helps you achieving a good rating from SSL Labs. In a normal Read more…
You should secure your web site using TLS. No, that`s not a typo, it`s TLS and not SSL. SSL is dead and should not be used anymore. Praise TLS. This may sound complicated at first, but it`s not. First step is to deactivate HTTP and activate HTTPS. How to do Read more…
When you work with Afaria, you`ll sooner (iOS) or later (Android, WP) come in contact with certificates. To be more specific, with device (iOS) and user (all platforms) certificates. To make it as easy as possible to get those certificates available to the devices and users, an MDM solution makes Read more…
The creation of a certificate template is a basic administration task for a CA admin. To create a new template, open the CA management console and manage the available certificate templates Next, select a base template and duplicate it. The new template will be based on this template and inherit Read more…
For the user to able to log on with his client certificate, SAP Web Dispatcher (WD) must forward it. In a SSL termination scenario, this means that the WD is authenticating itself against a SAP backend, and repasses the client certificate of the user inside a header. SAP Help. This Read more…
For SAP Web Dispatcher be able to forward the received client certificate received by the browser, it must Re-encrypt the connection Add the client certificate as a header in the request To ensure the connection is forwarded encrypted via TLS, use the parameter wdisp/ssl_enrypt=2. Value 2 means that WD will Read more…
For the backend SAP NetWeaver ABAP system to trust the WD client certificate, it must be imported into the PSE. I am not 100% sure about this, as importing the root CA certificate should also do the trick. Transaction: STRUST Change to edit mode: Select SSL standard server Import WD Read more…