OCSP Repeater services are provided only for those CAs which are registered within the Trust Manager. A CA can be added using the Registered CA option within the ADSS OCSP Repeater Service GUI. A list of registered CAs is shown; to add a new CA, click the "Add CA" button.

The following table explains the different columns on the Registered CAs page:

| Items | Description |
|---|---|
| CA Friendly Name | This is the friendly name of the CA added to the OCSP Repeater service. The CA Friendly Name is the same as the one registered within the Trust Manager and OCSP Service. |
| D-OCSP Service URL | This is the URL of the D-OCSP Service used to fetch the pre-computed OCSP responses. |
| Status | The status of a CA is either Active or Inactive. CA status can be configured when registering a CA in the Trust Manager or by editing an existing CA. Among the CAs registered in the OCSP service, revocation services are provided only for those CAs which are marked Active in the Trust Manager. |


This shows a table of the existing registered CAs. These registered CAs can be sorted in either ascending or descending order by selecting a table column from the drop-down list. The list can be sorted by Status or CA Friendly Name.

To register a new CA in the OCSP Repeater Service, click the Add CA button and follow the CA registration wizard. Note that the CAs already registered in the ADSS Trust Manager are shown in the drop-down list of available CAs.



Select a CA from the drop-down list "Register this CA for OCSP service".


Only the CAs registered in Trust Manager are visible and can be selected from this drop-down menu.


OCSP Response Polling Settings defines the following:


| Items | Description |
|---|---|
| Polling Period | Defines how often the OCSP Repeater Service attempts to retrieve the OCSP responses from the D-OCSP Service. |
| TLS Client Certificate | To create a secure connection between the D-OCSP Service and the OCSP Repeater Service, a TLS Client Certificate must be selected. To create a TLS Client Certificate, refer to Step 1. |
| D-OCSP Service URL | The D-OCSP Service URL defines the IP address or host name and the port to which the OCSP Repeater connects to fetch the responses from the D-OCSP Service (over mutual TLS authentication). The default URL for the D-OCSP Service interface is: https://MachineName:8779/adss/ocsp/distributor. |



OCSP Relay Policy Settings defines the following:


| Items | Description |
|---|---|
| Forward OCSP request | Enabling this checkbox forwards the OCSP request if the OCSP Repeater is unable to check the status of the target certificate from cached responses. |
| OCSP Service URL | The OCSP Service URL defines the IP address or host name and the port to which the OCSP Repeater connects to fetch a single OCSP response for the target certificate from the OCSP Service. |
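
The following Python sketch is an added illustration, not ADSS code: it models how the Forward OCSP request setting interacts with the cache of pre-computed responses filled by polling. The freshness check against the response validity window, the "unavailable" result when forwarding is disabled, and all class, function and CA names are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional, Tuple

Key = Tuple[str, int]  # (CA friendly name, certificate serial); hypothetical cache key
@dataclass
class CachedResponse:
    status: str            # "good", "revoked" or "unknown"
    this_update: datetime  # start of the validity window (RFC 6960 thisUpdate)
    next_update: datetime  # end of the validity window (RFC 6960 nextUpdate)

class RepeaterModel:
    def __init__(self, forward_enabled: bool,
                 forward: Optional[Callable[[Key], CachedResponse]] = None):
        self.cache: Dict[Key, CachedResponse] = {}
        self.forward_enabled = forward_enabled  # "Forward OCSP request" checkbox
        self.forward = forward                  # stands in for the OCSP Service URL

    def poll(self, batch: Dict[Key, CachedResponse]) -> None:
        self.cache.update(batch)  # one polling cycle: merge the fetched responses

    def lookup(self, key: Key, now: datetime) -> Tuple[str, str]:
        """Return (status, source) for one request."""
        entry = self.cache.get(key)
        if entry and entry.this_update <= now < entry.next_update:
            return entry.status, "cache"
        if self.forward_enabled and self.forward is not None:
            return self.forward(key).status, "forwarded"
        return "unavailable", "none"  # assumption: no answer without forwarding

def demo() -> Dict[str, Tuple[str, str]]:
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample data
    batch = {("Example CA", 1001): CachedResponse("good", t0, t0 + timedelta(hours=1))}
    def live(key: Key) -> CachedResponse:  # stub for the live OCSP service
        return CachedResponse("revoked", t0, t0 + timedelta(hours=1))
    relay, cache_only = RepeaterModel(True, live), RepeaterModel(False)
    relay.poll(batch)
    cache_only.poll(batch)
    later = t0 + timedelta(hours=2)  # the next poll has not refreshed the entry yet
    return {
        "hit": relay.lookup(("Example CA", 1001), t0 + timedelta(minutes=5)),
        "miss_forwarded": relay.lookup(("Example CA", 2002), t0),
        "miss_not_forwarded": cache_only.lookup(("Example CA", 2002), t0),
        "stale_forwarded": relay.lookup(("Example CA", 1001), later),
        "stale_not_forwarded": cache_only.lookup(("Example CA", 1001), later),
    }

if __name__ == "__main__":
    print(demo())
```

The stale cases show why the Polling Period should be shorter than the validity window of the pre-computed responses: once a cached entry expires, the model can answer only if forwarding is enabled.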


See also

Step 1 - Generating Keys and Certificates
Step 2 - Registering CAs
Step 3 - Configuring CRL Monitor
Step 4 - Configuring OCSP Repeater Service
Step 6 - Using the Service Manager