OCSP stapling

Online Certificate Status Protocol (OCSP) is a common scheme that you may want to use to maintain the security of a server and other network resources. It lets clients validate server certificates when establishing a TLS connection, without certificate revocation lists being transmitted from the CA.

By default, server certificate configuration in Certificate Provisioning System (CPS) enables OCSP stapling for client certificates. For mutual authentication to work properly, either disable this setting so that clients contact the CA directly to validate the server certificate, or complete the OCSP configuration by providing an OCSP responder host. To do either, edit the deployment settings of your certificate in Certificate Provisioning System. See View and edit your deployment settings.
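
To confirm which of the two states a deployment is actually in after you edit the setting, you can inspect the stapling section of a TLS handshake. The script below is an added example, not part of the original page or of CPS: it classifies the output of `openssl s_client -status`. The function names and the hostname argument are assumptions, and the two sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify the OCSP stapling section printed by
# `openssl s_client -status`. Function names are hypothetical.

# Reads s_client output on stdin and prints one of:
#   stapled-good | stapled-revoked | stapled-unknown  (response stapled, cert status shown)
#   stapled-error   (a response was stapled but its status is not "successful")
#   not-stapled     (server sent no OCSP response in the handshake)
#   no-status       (output has no OCSP section, e.g. the handshake failed)
classify_stapling() {
    awk '
        /OCSP response: no response sent/ { state = "not-stapled" }
        /OCSP Response Status:/ {
            state = ($4 == "successful") ? "stapled" : "stapled-error"
        }
        /Cert Status:/ && state == "stapled" { state = "stapled-" $3 }
        END { print (state == "" ? "no-status" : state) }
    '
}

# Live check against a host (assumption: TLS on port 443, SNI = hostname).
# Defined only; not called here, so the script runs offline.
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null | classify_stapling
}

# Constructed sample: handshake where the server stapled a valid response.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

# Constructed sample: handshake where stapling is disabled on the server.
SAMPLE_NONE='OCSP response: no response sent'

printf 'stapling enabled : %s\n' "$(printf '%s\n' "$SAMPLE_STAPLED" | classify_stapling)"
printf 'stapling disabled: %s\n' "$(printf '%s\n' "$SAMPLE_NONE" | classify_stapling)"
```

Run `check_host` with your own hostname: `not-stapled` matches the disabled setting, and `stapled-good` indicates the responder configuration is complete and working.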

