Configuring OCSP
Online Certificate Status Protocol (OCSP) is a service provided by a CA to verify the validity of a digital certificate in real time. A client can send a request to the OCSP server of the CA to check whether the certificate has been revoked.
Application Scenario
OCSP is applicable to scenarios where the certificate status is sensitive. Especially in scenarios where certificates are frequently revoked (such as enterprise environments) or high security is required (such as finance and government), OCSP can verify the validity of certificates in real time.
- Enable OCSP: If OCSP is enabled for a private CA, the private certificate extension issued by the private CA contains the OCSP access address.
- Disable OCSP: If OCSP is disabled for a private CA, the private certificate extension issued by the private CA does not contain the OCSP access address.
Prerequisites
The private CA for which you want to configure OCSP is in the Activated or Disabled state.
Procedure
- Log in to the CCM console.
- In the navigation pane on the left, choose .
- In the private CA list, select the CA Name of the private CA for which you want to configure OCSP.
- On the private CA details page, click the OCSP Configuration tab and configure the verification protocol for certificate revocation status, as shown in Figure 1. Table 1 describes the parameters.
Table 1 Configuration parameters Parameter
Description
Status
Indicates the private CA OCSP status. The value can be:
- Enabled: The private CA OCSP is enabled.
- Disabled: The private CA OCSP is disabled.
OCSP Access Address
Indicates the server address provided by the CA, that is, the OCSP server URL, which is used to query whether a digital certificate has been revoked in real time.
- Enables or disables OCSP.
- Click Enable. If Enabled is displayed, OCSP is enabled successfully.
- Click Disable. If Disabled is displayed, OCSP is disabled successfully.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot