After finalizing the configuration changes within the OCSP Service, it must be restarted to make the changes effective. The OCSP Service Manager module allows operators to start, stop or restart service and also make changes to service related configurations. Also, it provides the operator to select either to run the OCSP Service in Service Mode or Gateway Mode from OCSP Service Mode section. By default, Enable Service Mode option is selected.

Clicking on the Service Manager link will show the following screen:



The configuration items are as follows:

Items

Description

Service Address

The address of the OCSP Service being controlled from this Service Manager. Ensure the address points to the correct service URL, i.e. if you are running the service on multiple machines in a load-balanced configuration, then check that the name is correct for a particular instance that needs to be started/ stopped/ restarted. By default, it will be that of the local machine. 

Start

Start the service. Status will change to “Running” after a successful start.

Stop

Stop the service. Status will change to “Stopped” after the service is stopped.

Restart

Stop and then start the service in one go, Status will change to “Running” after a successful restart.

Log OCSP transactions

When the Log OCSP transactions option is enabled then all OCSP transactions are recorded in the ADSS Server database.  With this option disabled no OCSP transactions will be recorded in the database.  This feature is useful when much higher throughput is required and logging is seen as an overhead, e.g. within EV TLS environments.

OCSP Service Mode

This section defines the configuration required for the OCSP service to entertain request's directly or behaving as a proxy server for back-end OCSP service. 

Enable Service Mode

When this option is enabled, the OCSP Service handles all the requests and responds accordingly. 

Note: Service Mode is enabled by default. 

Enable Gateway Mode

If enabled, this OCSP Service instance will act as gateway instance for back-end OCSP Server. OCSP Service verifies the request structure and validates the Client. Upon success, it relays the received request to the back-end OCSP Server using the provided configurations defined below.

OCSP Service Address

Use this field to add back-end OCSP Service Address(es). 

List of OCSP Service Addresses

This field shows the OCSP Service Address(es) that can be used to forward requests to the back-end OCSP Server. Multiple services addresses can be added. The Test button checks if the service is available whereas the Remove button deletes a configured service address. 


Ensure all the changes are saved by clicking the Save button and restart the service to take changes effect.


See also

Step 1- Generating Keys and Certificates
Step 2 - Registering CAs

Step 3 - Registering Trusted CAs for OCSP Service
Step 4 - Configuring CRL Monitor