To enable OCSP checking for an OpenSSO web container that has enabled the Java Security Manager, add the following permission to the server.policy (or equivalent) file:
permission java.security.SecurityPermission "getProperty.ocsp.*";