Sun OpenSSO Enterprise 8.0 Administration Reference

Online Certificate Status Protocol Check

The Online Certificate Status Protocol (OCSP) enables OpenSSO Enterprise services to determine the (revocation) state of a specified certificate. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response.

Check Enabled

This attribute enables OCSP checking. It is enabled by default.

Responder URL

This attribute defines a URL that identifies the location of the OCSP responder. For example, http://ocsp.example.net:80.

By default, the location of the OCSP responder is determined implicitly from the certificate being validated. The property is used when the Authority Information Access extension (defined in RFC 3280) is absent from the certificate or when it requires overriding.

Certificate Nickname

The OCSP responder nickname is the CA certificate nickname for that responder, for example Certificate Manager - sun. If set, the CA certificate must be present in the web server's certificate database. If the OCSP URL is set, the OCSP responder nickname must also be set; otherwise, both will be ignored. If they are not set, the OCSP responder URL present in the user's certificate will be used for OCSP validation. If no OCSP responder URL is present in the user's certificate, no OCSP validation will be performed.
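The fallback rules above decide whether a revocation check runs at all, so they are worth modelling when auditing a deployment's settings. The following is an added example, not OpenSSO code: the function and parameter names are hypothetical, the certificate's responder URL is a constructed value, and treating a nickname set without a URL as "fall back to the certificate" is an assumption.

```python
from typing import List, NamedTuple, Optional

class OcspDecision(NamedTuple):
    checked: bool             # will an OCSP revocation check run?
    responder: Optional[str]  # responder URL that would be queried
    source: str               # "override", "certificate" or "none"
    warnings: List[str]

def resolve_ocsp(check_enabled: bool, responder_url: Optional[str],
                 nickname: Optional[str], cert_aia_url: Optional[str]) -> OcspDecision:
    """Model of the rules stated on this page (hypothetical helper)."""
    if not check_enabled:
        return OcspDecision(False, None, "none", ["OCSP checking is disabled"])
    url = (responder_url or "").strip()
    nick = (nickname or "").strip()
    warnings: List[str] = []
    # The override applies only when URL and nickname are both set.
    if url and nick:
        return OcspDecision(True, url, "override", warnings)
    if url:
        warnings.append("Responder URL set without Certificate Nickname: both ignored")
    # Assumption: a nickname without a URL also falls through to the certificate.
    if cert_aia_url:
        return OcspDecision(True, cert_aia_url, "certificate", warnings)
    # Nothing configured and nothing in the certificate: revocation is not checked.
    warnings.append("No responder in settings or certificate: no OCSP validation")
    return OcspDecision(False, None, "none", warnings)

if __name__ == "__main__":
    # Constructed sample inputs; the URL and nickname are the page's examples.
    cases = [
        (True, "http://ocsp.example.net:80", "Certificate Manager - sun", None),
        (True, "http://ocsp.example.net:80", "", "http://ocsp.ca.example/"),
        (True, "http://ocsp.example.net:80", "", None),
        (True, None, None, None),
    ]
    for case in cases:
        d = resolve_ocsp(*case)
        print(d.checked, d.source, d.responder, d.warnings)
```

The third and fourth cases are the ones to look for in a review: the certificate is accepted without any revocation lookup even though Check Enabled is on.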