Using OCSP
You can import a certificate that is maintained in a remote location using Online Certificate Status Protocol (OCSP). OCSP enables you to validate or revoke certificates by query, rather than by importing certificate revocation list (CRL) files. Since distributing and installing CRL files can be a considerable burden in large organizations, and because delay between the release and install of the CRL represents a vulnerability window, this can often be preferable.
• To use OCSP queries, you must first install the certificates of trusted OCSP/CRL servers.
Before you begin:
• You must have Read-Write permission for System settings.
• You must know the URL of an OCSP server or have downloaded the certificate and key files and be able to browse to them so that you can upload them.
To add a remote certificate:
1. Go to System > Certificate > Manage Certificates.
2. Click the Remote tab.
3. Click Import to display the configuration editor.
4. Complete the configuration as described in
Table 66.
5. Save the configuration.
Table 66: Remote certificate configuration
Settings | Guidelines |
Certificate Name | Name that can be referenced by other parts of the configuration, such as www_example_com. Do not use spaces or special characters. The maximum length is 35 characters. After you initially save the configuration, you cannot edit the name. |
Local PC | Browse and locate the certificate file that you want to upload. |
OCSP URL | Specify the OCSP URL. |