SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…
Online Certificate Status Protocol, or short: OCSP, let you obtain the revocation status of a certificate. It has some benefits over certification revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the Read more…
To test if OCSP is working, you need to have a certificate with OCSP information included. This is only available for certificates emitted AFTER the service was installed, configured and activated on the CA. Therefore, you`ll need to first create a new certificate for your tests. Depending on your CA Read more…
After having OCSP installed, configured and having CA include OCSP information in newly emitted certificates, the basic configuration is done and you are ready to use OCSP in your environment. To make better use of OCSP, some additional configuration steps should be done, like enabling NONCE. Microsoft test client isn`t Read more…
After having the OCSP service installed and configured, the CA must be made aware of the service. Only after this, new emitted certificates by the CA will include the OCSP information. This means that you can run a OCSP service without having it included in the client certificates. In that Read more…
For the CA to be able to use OCSP, read permission to the private key must be given. Add Read permissions to Network Service on the private key Open the Certificate Templates snap-in. Select the OCSP Response Signing template. Right-click it and click on properties. Go to tab security. Click Read more…
After installing OCSP component in Windows, it is time to configure the service: how OCSP requests are going to be handled; from where to receive the CRL, specify OCSP certificate, etc. Open the Online Responder snap-in. Click on Revocation Configuration. The list of available configuration is empty. Add a new Read more…
Installing OCSP Responder Role You can install the OCSP responder role in Windows Server 2008 R2 either via a command line tool or by using the role wizard. Command line Command: servermanagercmd.exe –install ADCS-Online-Cert Whooops, deprecated 😀 Nevertheless, works. You just have to wait for the installer to finish. Role Read more…