OCSP Validation
Enables OCSP validation to be performed by contacting the corresponding OCSP responder. The OCSP responder is decided as follows during runtime:
-
If com.sun.identity.authentication.ocspCheck is true and the OCSP responder is set in the com.sun.identity.authentication.ocsp.repsonder.url attribute, the value of the attribute will be used as the OCSP responder.
-
If com.sun.identity.authentication.ocspCheck is set to true and If the value of the attribute is not set in the AMConfig.properties file, the OCSP responder presented in your client certificate is used as the OCSP responder.
-
If com.sun.identity.authentication.ocspCheck is set to false or if com.sum.identity.authentication.ocspCheck is set to true and if an OCSP responder can not be found, no OCSP validation will be performed.
Before enabling OCSP Validation, make sure that the time of the Access Manager machine and the OCSP responder machine are in sync as close as possible. Also, the time on the Access Manager machine must not be behind the time on the OCSP responder. For example:
OCSP responder machine - 12:00:00 pm
Access Manager machine - 12:00:30 pm
- © 2010, Oracle Corporation and/or its affiliates