Configure the OCSP Method
Use the OSCP method for revocation checking.
Procedure
1. In the system web interface, go to Admin Settings > Security > Certificates > Revocation.
2. Configure the following settings and select Save.
Setting Description
Revocation Method To use the OCSP revocation method, select OCSP.
Allow Incomplete Revocation Checks When enabled, your system considers a revocation
check successful if there is no response or the OCSP
responder indicates a certificate’s status is unknown.
Regardless of how you configure this setting, the
following statements apply:
• If the OCSP responder indicates a known revoked
status, your system treats it as a revocation check
failure and doesn’t allow the connection.
• If the OCSP responder indicates a known good
status, your system treats it as a successful
revocation check and allows the connection.
Global Responder Address Specifies the URI of the OCSP responder (for example,
http://responder.example.com/ocsp). The
responder is used when Use Responder Specified in
Certificate is disabled and sometimes even when it’s
enabled. Polycom recommends that you always include
a URI in this field regardless of how you configure Use
Responder Specified in Certificate.
Use Responder Specified in Certificate Some certificates include the OCSP responder
address. When you enable this setting, your system
attempts to use this address (when present) instead of
the Global Responder Address you specified.
Note: Only HTTP URLs in a certificate’s AIA field are
supported.
Securing the System
Polycom, Inc. 119
To Next Page
Loading...
Need help?
General
