Online certificate status protocol (OCSP)

Online certificate status protocol (OCSP) is a standard protocol for checking whether an X.509 certificate has been revoked: the verifier sends the certificate's serial number and issuer details to an OCSP responder, which answers with a signed status of good, revoked, or unknown. If you have enabled certificate-based authentication in Enterprise Application Access for Gov (EAA for Gov), OCSP can be used to validate the client certificates that users present. You need to provide the URL of the OCSP responder that EAA for Gov queries to validate a certificate. An OCSP responder can be configured in one of two ways, depending on where the responder is reachable from:

  • Internal. If the OCSP responder is inside the enterprise network and not reachable from the public Internet, it is internal. The OCSP configuration is deployed to an EAA for Gov connector from which the responder is reachable, and that connector sends the validation requests.

  • External. If the OCSP responder is reachable from the public Internet, it is external. The OCSP configuration is not deployed to a connector; the EAA for Gov cloud sends the validation requests to the responder directly.

Create an online certificate status protocol (OCSP) responder

Create an online certificate status protocol (OCSP) responder on Enterprise Application Access for Gov (EAA for Gov) and add it to an identity provider (IdP).

Prerequisite:
Upload your certificates to Enterprise Application Access for Gov (EAA for Gov). For more information, see Certificates in EAA.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Certificates > OCSP.

  3. Click Add New OCSP.
    The OCSP information page appears.

  4. Type a unique name for the OCSP server.

  5. Select the OCSP server type.
    If internal, select an EAA for Gov connector that can reach the OCSP responder.

  6. In Validation URL, enter the URL of the OCSP responder that EAA for Gov queries to validate the certificate. This is normally the responder URL published in the OCSP entry of the Authority Information Access extension of the client certificates your CA issues. For an internal responder, the URL must resolve and be reachable from the connector you selected.

  7. Click Save OCSP.
    The OCSP appears as a row on the OCSP page.

Next, create and deploy a new IdP that uses OCSP as its certificate validation method. In the IdP's General Settings, under Certificate Validation, select OCSP as the Certificate Validation Method and associate the OCSP responder you created.
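Before relying on a Validation URL, it is worth confirming from the host that will query it (the selected connector for an internal responder) that the responder answers and that its answer verifies against your CA. The script below is an added example, not Akamai's code and not part of this page: it builds a throwaway CA ("Example Client CA") and a client certificate for "user1" with serial 0x1001 whose Authority Information Access extension names a local responder, serves that responder with OpenSSL's own `openssl ocsp` server on ports 18881 and 18882 (both assumed free), and runs the status query an OCSP-validating IdP would make, once while the certificate is valid and once after it is marked revoked. OpenSSL's client stands in for the IdP's HTTP client; the page does not describe the IdP's exact request behaviour. To check a production responder, call `ocsp_status` with your CA certificate, a real client certificate and the Validation URL instead of the constructed files.

```shell
#!/bin/sh
# Added example, not Akamai's code: throwaway CA + client certificate, a local
# OCSP responder answering for it, and the status query an OCSP-validating IdP
# issues. Requires the openssl command-line tool.
set -eu

WORK="$(mktemp -d)"
RESPONDER_PID=""
trap 'kill "$RESPONDER_PID" 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Constructed test PKI: a CA and one client certificate whose AIA extension
# advertises $2 as its OCSP responder. Serial 0x1001 is fixed so the
# responder's index below can refer to it.
make_test_pki() {
  dir="$1"; url="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Client CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=user1" -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null
  printf 'authorityInfoAccess=OCSP;URI:%s\n' "$url" > "$dir/ext.cnf"
  openssl x509 -req -sha256 -days 1 -in "$dir/user.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -set_serial 0x1001 -extfile "$dir/ext.cnf" \
    -out "$dir/user.crt" 2>/dev/null
}

# OpenSSL's responder reads an "openssl ca" style index with six tab-separated
# fields: status (V/R), expiry, revocation time, serial (uppercase hex),
# file name, subject.
write_index() {
  dir="$1"; status="$2"
  if [ "$status" = "revoked" ]; then
    printf 'R\t491231235959Z\t250101000000Z\t1001\tunknown\t/CN=user1\n'
  else
    printf 'V\t491231235959Z\t\t1001\tunknown\t/CN=user1\n'
  fi > "$dir/index.txt"
}

# Print the responder URL a certificate advertises. For a real client
# certificate this is the candidate value for the Validation URL field.
ocsp_uri_of() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Serve exactly one OCSP response for the test index, signed with the CA key.
start_test_responder() {
  dir="$1"; port="$2"
  openssl ocsp -index "$dir/index.txt" -port "$port" -CA "$dir/ca.crt" \
    -rsigner "$dir/ca.crt" -rkey "$dir/ca.key" -nrequest 1 >/dev/null 2>&1 &
  RESPONDER_PID=$!
  sleep 1
}

# Ask responder $3 for the status of $2 as issued by $1, trusting $4 to verify
# the response signature. Prints good/revoked/unknown. Prints "unverified" and
# returns 1 when the response fails to verify, which is how an unreachable or
# untrusted Validation URL looks from the IdP's side.
ocsp_status() {
  issuer="$1"; cert="$2"; url="$3"; trust="$4"
  if ! out="$(openssl ocsp -issuer "$issuer" -cert "$cert" -url "$url" \
                -CAfile "$trust" 2>/dev/null)"; then
    echo unverified; return 1
  fi
  printf '%s\n' "$out" | awk -F': ' '$2=="good"||$2=="revoked"||$2=="unknown"{print $2; exit}'
}

# End to end on the constructed PKI: read the AIA URL, get a "good" answer on
# port $1, then mark the certificate revoked and ask again on port $1+1.
# Returns 0 only if all three results match expectations.
run_demo() {
  port="$1"; url="http://127.0.0.1:$port/"; url2="http://127.0.0.1:$((port + 1))/"
  make_test_pki "$WORK" "$url"
  uri="$(ocsp_uri_of "$WORK/user.crt")"
  echo "AIA OCSP URI:        $uri"
  [ "$uri" = "$url" ] || return 1

  write_index "$WORK" valid
  start_test_responder "$WORK" "$port"
  s1="$(ocsp_status "$WORK/ca.crt" "$WORK/user.crt" "$uri" "$WORK/ca.crt")" || true
  echo "status while valid:  $s1"

  write_index "$WORK" revoked
  start_test_responder "$WORK" "$((port + 1))"
  s2="$(ocsp_status "$WORK/ca.crt" "$WORK/user.crt" "$url2" "$WORK/ca.crt")" || true
  echo "status after revoke: $s2"

  [ "$s1" = good ] && [ "$s2" = revoked ]
}

run_demo 18881
```

The second query deliberately uses a URL different from the one in the certificate's AIA extension: EAA for Gov queries the Validation URL you configure, not whatever the certificate advertises, so the two must be kept in agreement by you. A result of "unverified" against a production responder means the responder is unreachable from that host or its response is not signed by a certificate that chains to the CA you uploaded, and the Validation URL should not be saved until that is resolved.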