System Management : Using certificates : Using OCSP
Using OCSP
You can import a certificate that is maintained in a remote location using Online Certificate Status Protocol (OCSP). OCSP enables you to validate or revoke certificates by query, rather than by importing certificate revocation list (CRL) files. Since distributing and installing CRL files can be a considerable burden in large organizations, and because delay between the release and install of the CRL represents a vulnerability window, this can often be preferable.
To use OCSP queries, you must first install the certificates of trusted OCSP servers.
Before you begin:
You must have Read-Write permission for System settings.
You must know the URL of an OCSP server or have downloaded the certificate and key files and be able to browse to them so that you can upload them.
To add a remote certificate:
1. Go to System > Certificate > Manage Certificates.
2. Click the Remote tab.
3. Click Import to display the configuration editor.
4. Complete the configuration as described in Table 94.
5. Save the configuration.
Table 94: Remote certificate configuration
Certificate Name
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.The maximum length is 35 characters.
After you initially save the configuration, you cannot edit the name.
Local PC
Browse and locate the certificate file that you want to upload.
Specify the OCSP URL.