Home > ADSS OCSP Monitor > Test Scenarios

Test Scenarios

Each Test Scenario can have one or more Test Cases associated with it that perform either positive or negative checks. Each Test Scenario can have its own trust anchors defined for detailed trust checking. 

When a Test Scenario fails, a customisable failure report is sent to a defined list of operations staff.  Each Test Scenario can have different staff identified. 

When a scenario completes a summary report can be optionally sent to selected operational staff showing the minimum, average and maximum response delay statistics observed as well as a summary of the successful and failed tests observed during the period. At the end of day a summary report for all scenarios can optionally be sent to defined operational staff which details the main statistics for all scenarios. 

The main screen shown is:

This lists all the defined Test Scenarios, their start time and stop time, the interval between tests and the status. These can be sorted in either Ascending or Descending order according to the criteria: Scenario ID, Scenario Name, Created At and Status. 

A new test scenario is created by selecting the New button. The following configuration screen is shown:

The configuration items are as follows:

Item Description
Status
A Test Scenario can be marked Active or Inactive. 
Inactive test scenarios are not processed this is useful when a particular Test Scenario is to be used on an occasional basis.
Scenario ID
A System-defined unique identifier for this Test Scenario.
Scenario Name
An operator-defined unique name that should be chosen to make it easy to understand what this Test Scenario does.
Scenario Description
Use this field to describe the purpose of this Test Scenario and any other useful details to keep other operators informed.
OCSP Responder Address
Configure the address of target OCSP responder to be monitored. The URL address can be checked using the Test button.
Response Timeout
This value defines how many seconds OCSP Monitor waits for a response before assuming that there is a communication issue. The default value is 0 seconds and this means there is no timeout.
10 seconds is recommended when monitoring OCSP responders. 
OCSP Freshness Threshold
OCSP Monitor can optionally check the freshness of an OCSP response by comparing the difference between the "thisUpdate" time and "ProducedAt" time, with this value for this scenario. 
For example if you wish to check that an OCSP response is always issued within 3 hours of a CRL update then set this value to 3 x 60 = 180. The default value for OCSP Freshness Threshold is 0 minutes which tells the system not to perform a freshness check.
Response Clock tolerance
When verifying OCSP responses, OCSP Monitor compares the time within the OCSP response with its local clock to ensure they are valid responses. Problems can occur if the OCSP client system time is behind the OCSP Server system time and so a tolerance value is useful.
A value of 30 seconds is a recommended minimum. The default value is 0 seconds which tells the system not to use clock tolerance
OCSP Responder Requires Authentication
Basic, Digest and NTLM aunthentication schemes are supported.
  • Basic aunthentication sends credentials in plain format,
  • Digest authentication sends the details in encrypted form,
  • NTLM authentication is used for servers that do not belong to same domain.
Start Time The time at which this Test Scenario runs.
Stop Time
The time at which this Test Scenario stops.
Run Scenario after every
Specifies how often in minutes this Test Scenario runs between the start and stop times.
Send Summary Report at Scenario Stop Time
If enabled OCSP Monitor generates a Summary Report at the Test Scenario stop time.
Do not run scenario at week-ends
If enabled OCSP Monitor does not run the scenario at week-ends.
Currently week-ends are defined as Saturday and Sunday.
Include scenario result in Daily Summary Report
If enabled the results of this Test Scenario are included in the daily summary report.
Trust Anchors
Use this setting to identify the Trust Anchors to use when verifying OCSP responses.  When OCSP Monitor receives an OCSP response it will attempt to verify it by building a certificate chain from the OCSP responder’s certificate to a Root CA certificate in the Trust Anchor list. If a chain can be built then the OCSP responder is authenticated and trusted. If not the OCSP response is not trusted.   
If the OCSP responder only sends its own certificate (and not the chain of certificates) then add intermediate CAs here to allow certificate path building.
Automatically trust any new Trust Authorities added to Trust Manager
If this option is selected, any new trust authorities are automatically added to the 'Selected Trust Anchor' list. This avoids the need to have to manually assign new Trust Anchors to the profile.  
The use of this option should be carefully considered because it allows automatic change to existing Test Scenarios.
Test Cases
Use this setting to define the Test Case(s) to be included within this Test Scenario.
Report Recipients
This setting defines the system operators to whom scenario and warning reports are sent.

The Test Scenarios can be searched using these options:

Enter the search criteria based on the Status, Test Scenario ID, Test Scenario Name.  

If more than one search parameters is provided, these are combined using the AND operator and the results are presented accordingly.


The "_" character is used as a wildcard character

See also