Revoking certificates by OCSP query
Online Certificate Status Protocol (OCSP) enables you to revoke or validate certificates by query, rather than by importing certificate revocation list (CRL) files. Distributing and installing CRL files can be a considerable burden in large organizations, and the delay between the release of a CRL and its installation is a window of vulnerability, so OCSP queries are often preferable.
To use OCSP queries, you must first install the certificates of trusted OCSP/CRL servers.
To view or upload a remote certificate
1. From your OCSP/CRL server, download its server certificate.
2. Go to System > Certificate > Remote.
3. Click Import.
4. In Certificate name, type the name of the certificate as it will be referred to in the appliance’s configuration file.
5. Next to Certificate file, click Browse, then select the certificate file.
6. Click OK.
The certificate is uploaded to the appliance. The time required varies with the size of the file and the speed of the network connection, but is typically only a few seconds.
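Because the imported certificate becomes a trust anchor for revocation answers, it is worth checking the file downloaded in step 1 before importing it. The following is an added example, not part of the original documentation: it assumes the `openssl` command-line tool on the administrator's workstation and a SHA-256 fingerprint obtained from the OCSP/CRL server's administrator over a separate channel; the function names and the demo certificate are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-import checks for a downloaded OCSP/CRL server certificate (added example).
# Usage: check_remote_cert <cert-file> <expected-sha256-fingerprint>
# Returns 0 = OK, 1 = not a certificate, 2 = fingerprint mismatch, 3 = expired.
check_remote_cert() {
    local cert="$1" expected="$2" form actual

    # Accept PEM or DER; anything else is not an X.509 certificate.
    if openssl x509 -in "$cert" -inform PEM -noout 2>/dev/null; then
        form=PEM
    elif openssl x509 -in "$cert" -inform DER -noout 2>/dev/null; then
        form=DER
    else
        echo "FAIL: $cert is not a parseable X.509 certificate" >&2
        return 1
    fi

    # Compare SHA-256 fingerprints, ignoring case and ':' separators.
    actual=$(openssl x509 -in "$cert" -inform "$form" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: fingerprint mismatch (got $actual)" >&2
        return 2
    fi

    # Reject a certificate whose notAfter date has already passed.
    if ! openssl x509 -in "$cert" -inform "$form" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired" >&2
        return 3
    fi

    # Show what is about to be trusted so the operator can review it.
    openssl x509 -in "$cert" -inform "$form" -noout -subject -issuer -dates
    echo "OK: $cert matches the expected fingerprint and is within validity"
}

# Constructed sample input: a throwaway self-signed certificate written to
# <dir>/ocsp.pem; prints its fingerprint. It stands in for the real download.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ocsp.example.test" \
        -keyout "$1/key.pem" -out "$1/ocsp.pem" 2>/dev/null
    openssl x509 -in "$1/ocsp.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

demo_dir=$(mktemp -d)
check_remote_cert "$demo_dir/ocsp.pem" "$(make_demo_cert "$demo_dir")"
```

In real use, pass the downloaded file and the fingerprint received out of band; a non-zero return means the file should not be imported.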