Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Customize the domain-wide OCSP settings

Before you begin

The Online Certificate Status Protocol (OCSP) is an automated certificate checking network protocol defined in RFC 2560. As part of certificate validation, WebLogic Server queries the revocation status of a certificate by issuing an OCSP request to an OCSP responder. Certificate status is maintained by the OCSP responder. Acceptance of the certificate is suspended until the responder returns an OCSP response, indicating whether the certificate is still trusted by the CA that issued it.

When configuring certificate revocation checking in a WebLogic domain, you can customize the following OCSP settings:

To customize the OCSP configuration in WebLogic Server:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Console, under Domain Structure, select the domain name.
  3. Select Security > SSL Certificate Revocation Checking > OCSP.
  4. Customize one or more of the following:
    • To enable the use of nonces in OCSP requests and responses, select the Enable Nonces check box. (Nonces are disabled by default.)
    • To enable the OCSP response cache, select the Enable Response Cache check box. (The OCSP response cache is enabled by default.)
    • To customize the OCSP response timeout setting, click Advanced, and specify the Response Timeout (seconds). Optionally, specify the Time Tolerance (seconds) to handle clock-skew differences between WebLogic Server and OCSP responders.
    • To customize the OCSP response cache, click Advanced, and specify the Capacity or the Refresh Period (percent).
  5. Click Save.
  6. In the Change Center, click Activate Changes. If automatic realm restart is enabled in the default realm, you do not need to restart WebLogic Server for changes to go into effect.

Back to Top