It's full of stars!

  • All Content
  • About

ocsp

Basis SAP Security Technology

SSO Logon with X.509 certificate

SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…

By Tobias Hofmann, 5 yearsJuly 24, 2020 ago
SMP Technology

Online Certificate Status Protocol

Online Certificate Status Protocol, or short: OCSP, let you obtain the revocation status of a certificate. It has some benefits over certification revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the Read more…

By Tobias Hofmann, 9 yearsAugust 30, 2016 ago
SMP Technology

OCSP part 6 – Test OCSP service

To test if OCSP is working, you need to have a certificate with OCSP information included. This is only available for certificates emitted AFTER the service was installed, configured and activated on the CA. Therefore, you`ll need to first create a new certificate for your tests. Depending on your CA Read more…

By Tobias Hofmann, 9 yearsJuly 21, 2016 ago
SMP Technology

OCSP part 5 – Further configuration steps

After having OCSP installed, configured and having CA include OCSP information in newly emitted certificates, the basic configuration is done and you are ready to use OCSP in your environment. To make better use of OCSP, some additional configuration steps should be done, like enabling NONCE. Microsoft test client isn`t Read more…

By Tobias Hofmann, 9 yearsJuly 18, 2016 ago
SMP Technology

OCSP part 4 – Configure CA to support OCSP Responders

After having the OCSP service installed and configured, the CA must be made aware of the service. Only after this, new emitted certificates by the CA will include the OCSP information. This means that you can run a OCSP service without having it included in the client certificates. In that Read more…

By Tobias Hofmann, 9 yearsJuly 11, 2016 ago
SMP Technology

OCSP part 3 – Add read permission to NetWork Service

For the CA to be able to use OCSP, read permission to the private key must be given. Add Read permissions to Network Service on the private key Open the Certificate Templates snap-in. Select the OCSP Response Signing template. Right-click it and click on properties. Go to tab security. Click Read more…

By Tobias Hofmann, 9 years ago
SMP Technology

OCSP part 2 – Create a Revocation Configuration

After installing OCSP component in Windows, it is time to configure the service: how OCSP requests are going to be handled; from where to receive the CRL, specify OCSP certificate, etc. Open the Online Responder snap-in. Click on Revocation Configuration. The list of available configuration is empty. Add a new Read more…

By Tobias Hofmann, 9 yearsJune 9, 2016 ago
SMP Technology

OCSP part 1 – Install an Online Responder

Installing OCSP Responder Role You can install the OCSP responder role in Windows Server 2008 R2 either via a command line tool or by using the role wizard. Command line Command: servermanagercmd.exe –install ADCS-Online-Cert Whooops, deprecated 😀 Nevertheless, works. You just have to wait for the installer to finish. Role Read more…

By Tobias Hofmann, 9 yearsJune 7, 2016 ago
  • Datenschutzerklärung
  • Impressum
  • Cookie-Erklärung
Hestia | Developed by ThemeIsle