OCSP Validation
Enables OCSP validation to be performed by contacting the corresponding OCSP responder. The OCSP responder is decided as follows during runtime. The attributes mentioned are located in the console at Configuration > Servers and Sites > Security:
-
If this value is set to true and the OCSP responder is set in the Responder URL attribute, the value of the attribute will be used as the OCSP responder.
-
If Online Certificate Status Protocol Check is enabled and if the value of this attribute is not set, the OCSP responder presented in your client certificate is used as the OCSP responder.
-
If Online Certificate Status Protocol Checkis not enabled or if Online Certificate Status Protocol Checkis enabled and if an OCSP responder can not be found, no OCSP validation will be performed.
Before enabling OCSP Validation, make sure that the time of the OpenSSO Enterprise machine and the OCSP responder machine are in sync as close as possible. Also, the time on the OpenSSO Enterprise machine must not be behind the time on the OCSP responder. For example:
OCSP responder machine - 12:00:00 pm
OpenSSO Enterprise machine - 12:00:30 pm
- © 2010, Oracle Corporation and/or its affiliates