This screen allows the ADSS Server administrator to configure the types of OCSP requests that the OCSP Service will accept.

Items

Description

Accept unsigned OCSP requests

In this case there is no authentication of relying parties. Both signed and unsigned OCSP requests are accepted by the service. If signed requests are received, the signature is ignored.

Accept signed and unsigned OCSP requests

When selected, both signed and unsigned OCSP requests will be processed. For signed requests, the ADSS OCSP Service will validate the signature and provide an OCSP response if the signature is accepted, as discussed in the next category.

Accept only signed requests

When selected, only signed OCSP requests from relying parties using a certificate from a trusted CA will be accepted. If using this option, ensure that OCSP requests are signed and that the issuer of the request signer’s certificate is registered in the ADSS Trust Manager.

Verify OCSP request signer’s certificate status

If selected, the status of the relying party’s request signing certificate is checked to see if it is revoked. The validation policy of the issuer CA is used to check this.

Maximum certificates allowed per OCSP request

Multiple OCSP requests can be packaged into one OCSP request by intelligent OCSP clients. The ADSS OCSP Service can handle these up to the limit set in this policy. If an OCSP request has more CertIDs than the allowed limit, an unauthorized OCSP response is returned. If an incoming OCSP request does not contain any CertIDs, a malformed request error is returned.
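
The following added example (not ADSS Server code) shows how a gateway or test harness could pre-check a DER-encoded OCSP request against the settings above: it reports whether the request carries a signature and counts its CertIDs, then returns the outcome described for the CertID limit. The function names, the "process" label and the sample requests are assumptions made for illustration; the request layout follows RFC 6960.

```python
def tlv(tag, value):  # minimal DER encoder, used only to build the constructed samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # splits a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_request(der):
    """Return (is_signed, certid_count) for a DER OCSPRequest (RFC 6960 layout)."""
    tag, body, _ = read_tlv(der, 0)
    parts = children(body) if tag == 0x30 else []
    if not parts or parts[0][0] != 0x30:
        raise ValueError("not an OCSPRequest")
    is_signed = any(t == 0xA0 for t, _ in parts[1:])  # optionalSignature is [0]
    # version [0] / requestorName [1] are context-tagged: first plain SEQUENCE is requestList
    req_list = next((v for t, v in children(parts[0][1]) if t == 0x30), None)
    if req_list is None:
        raise ValueError("tbsRequest has no requestList")
    return is_signed, len(children(req_list))

def precheck(der, max_certids):  # outcomes as the page describes them, else "process"
    _, count = inspect_request(der)
    if count == 0:
        return "malformedRequest"
    return "unauthorized" if count > max_certids else "process"

def sample_request(n, signed=False):  # constructed input, not captured traffic
    alg = tlv(0x30, bytes.fromhex("06052b0e03021a0500"))  # SHA-1 AlgorithmIdentifier
    cert_id = lambda serial: tlv(0x30, alg + tlv(0x04, bytes(20)) * 2 + tlv(0x02, bytes([serial])))
    reqs = b"".join(tlv(0x30, cert_id(i + 1)) for i in range(n))
    sig = tlv(0xA0, tlv(0x30, b"")) if signed else b""  # empty stand-in for Signature
    return tlv(0x30, tlv(0x30, tlv(0x30, reqs)) + sig)
```

The signature check here only detects that a signature is present; validating it and the signer's certificate remains the job of the OCSP Service.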


See also

Default OCSP Policy