Take the following steps to configure the OCSP server:
-
Assign a certificate to the OCSP server.
Operating the OCSP server requires it to receive a certificate from the CA whose certificates it should provide information about. This certificate is used to sign the OCSP responses.
For this purpose, go to and configure the Certificate subject for the OCSP server. When the server is activated for the first time, this information is used to automatically generate the certificate for the OCSP server.
Important: In the certificate subject, enter CN as the FQDN where OCSP clients can reach the OCSP server. -
Provide information about the OCSP server to the Smart Certificate preconfiguration
-
Under , you can specify that when Smart Certificate CA generates a certificate, the field "OCSP-AIA" (Authority Information Access) is available for configuration. If you use the "Default" template, this is automatically the case. If you use a custom template, then set the field "OCSP-AIA" to Yes.
-
Under you set a default value for the field OCSP-AIA in the desired Smart Certificate profile.
Note: This step is optional. If you do not specify a default value here, you must manually specify a value when creating a certificate.
Configure the name or IP address where the OCSP server is available to the OCSP clients. This was already used earlier when generating the OCSP server certificate. Also add the port number where the OCSP server can be reached. The default setting is port 8084.
In the example, the default value for the profile "VPN" is adapted to "ocspserver.test.de:8084":
-
Under , you can specify that when Smart Certificate CA generates a certificate, the field "OCSP-AIA" (Authority Information Access) is available for configuration. If you use the "Default" template, this is automatically the case. If you use a custom template, then set the field "OCSP-AIA" to Yes.
This concludes the configuration of the OCSP server.
