Online certificate status protocol (OCSP)

Online certificate status protocol (OCSP) is a common schema that enterprises may use to maintain the security of a server and other network resources. If you have enabled certificate-based authentication in Enterprise Application Access, OCSP can be used to validate certificates. You need to provide the URL of the OCSP responder that Enterprise Application Access uses to validate the certificate. OCSP can be configured two ways, depending on the type of server:

  • Internal. If the OCSP server is within the enterprise network and not reachable by public Internet, it is internal. The OCSP deploys to an EAA connector where the service is reachable from.

  • External. If the OCSP server is reachable by the public Internet, it is external. The OCSP does not deploy on an EAA connector. Instead, the EAA cloud makes a request to the OCSP server directly.

Create an online certificate status protocol (OCSP) responder

Create an online certificate status protocol (OCSP) responder on Enterprise Application Access (EAA) and add it to an identity provider (IdP).

Prerequisite:
Upload your certificates to Enterprise Application Access (EAA). For more information see certificates in EAA.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Certificates > OCSP.

  3. Click Add New OCSP.
    The OCSP information page appears.

  4. Type a unique name for the OCSP server.

  5. Select the OCSP server type.
    If internal, select an EAA connector where the service is reachable from.

  6. In Validation URL enter the URL of the OCSP responder that Enterprise Application Access uses to validate the certificate.

  7. Click Save OCSP.
    The OCSP appears as a row on the OCSP page.

Next, create and deploy a new IdP with OCSP as the certificate validation method. In the IdP General Settings section, Certificate Validation, then select OCSP as the Certificate Validation Method.


Did this page help you?