Home > ADSS OCSP Service > Configuring the OCSP Service > Step 2 - Registering CAs

Step 2 - Registering CAs

It is necessary to register the CAs for which the OCSP Service will provide revocation status information within the ADSS Trust Manager. This will allow the CRL resource settings and other validation policy parameters to be configured. 

When ADSS Server is configured to accept only signed OCSP requests then it is mandatory to also register the issuer CA(s) of the relying party (i.e. OCSP client) certificates in the Trust Manager so that signed OCSP requests from the requestor can be trusted. Note that the OCSP Service can be configured to accept:

In all of these cases the issuer CA of a target certificate (the target certificate is defined as the certificate whose revocation is to be checked) MUST be registered in the Trust Manager. 
Read the ADSS Trust Manager description to understand how to register CAs as Trust Anchors.


Select the purpose for the registered CAs as "CA (will be used to verify other certificates and CRLs)"​

See also