(Optional) Enable OCSP (Online Certificate Status Protocol) to determine the status of a certificate used to authenticate a subject: current, expired, or unknown. OCSP is enabled as part of the cluster-level SSL configuration. OCSP checking must be enabled if you are using the CertificateAuthenticationLoginModule and have set Enable revocation checking to true.
Enable OCSP for a cluster when configuring SSL.
|URL||A URL to responder, including its
For example, https://ocsp.example.net:80.
|Certificate subject name||The subject name of the responder's certificate. By default, the certificate of the OCSP responder is that of the issuer of the certificate being validated. Its value is a string distinguished name (defined in RFC 2253), which identifies a certificate in the set of certificates supplied during certification path validation. If the subject name alone is not sufficient to uniquely identify the certificate, the subject value and serial number properties must be used instead. When the certificate subject name is set, the certificate issuer name and certificate serial number are ignored. For example, CN=MyEnterprise, O=XYZCorp.|
|Certificate issuer name||The issuer name of the responder
For example, CN=OCSP Responder, O=XYZCorp.
|Certificate serial number||The serial number of the responder certificate.|
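
The precedence among the three responder-certificate properties can be sketched as follows. This is an added example, not the product's code: `Cert`, `norm_dn`, `select_responder_cert` and the sample certificates are hypothetical, DN comparison is simplified, and treating issuer name and serial number as a required pair is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # constructed stand-in for an X.509 certificate
    subject: str
    issuer: str
    serial: int

class ResponderConfigError(ValueError):
    pass

def norm_dn(dn):
    # Simplified DN comparison (assumption): case-insensitive, spaces around
    # RDNs ignored. Escaped commas and other RFC 2253 rules are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def select_responder_cert(supplied, validated_cert_issuer, subject_name=None,
                          issuer_name=None, serial_number=None):
    """Pick the certificate expected to have signed the OCSP response."""
    if subject_name:
        # Subject name set: issuer name and serial number are ignored.
        matches = [c for c in supplied
                   if norm_dn(c.subject) == norm_dn(subject_name)]
    elif issuer_name and serial_number is not None:
        matches = [c for c in supplied
                   if norm_dn(c.issuer) == norm_dn(issuer_name)
                   and c.serial == serial_number]
    elif issuer_name or serial_number is not None:
        # Assumption: the two values only identify a certificate as a pair.
        raise ResponderConfigError("set issuer name and serial number together")
    else:
        # Default: the responder is the issuer of the certificate being validated.
        return validated_cert_issuer
    if len(matches) != 1:
        # Zero or several matches: refuse rather than trust an arbitrary one.
        raise ResponderConfigError(
            f"{len(matches)} supplied certificates match; expected exactly 1")
    return matches[0]

# Constructed sample data: a CA plus an old and a renewed responder certificate
# that share one subject name, so the subject name alone is ambiguous.
CA = Cert("CN=MyEnterprise, O=XYZCorp", "CN=MyEnterprise, O=XYZCorp", 0x01)
OLD = Cert("CN=OCSP Responder, O=XYZCorp", "CN=MyEnterprise, O=XYZCorp", 0x2001)
NEW = Cert("CN=OCSP Responder, O=XYZCorp", "CN=MyEnterprise, O=XYZCorp", 0x2002)
SUPPLIED = [CA, OLD, NEW]
```

With this sample set, configuring only the subject name fails because two certificates share it; leaving the subject name empty and supplying issuer name plus serial number selects exactly one.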