299| Certificate Revocation AOS-W 6.5.3.x| User Guide
Configuring an OCSP Switch as a Responder
The switch can be configured to act as an OCSP responder (server) and answer OCSP queries from clients
that want to obtain the revocation status of certificates.
The OCSP responder on the switch listens on HTTP port 8084; this port cannot be changed. The responder
accepts signed OCSP requests but does not verify the signature before processing the request, so unsigned
OCSP requests are accepted as well. A request signature therefore gives the responder no assurance about who
sent the request: any client that can reach port 8084 can query it.
As an OCSP responder, the switch provides revocation status information to Alcatel-Lucent applications that
use CRLs. This is useful in small, disconnected networks where clients cannot reach an external OCSP
responder to validate certificates. Typical scenarios are client-to-client or client-to-server communication
in which the certificate of either party must be validated.
Configuring the Switch as an OCSP Client
When OCSP is the revocation method, you must configure both the OCSP responder certificate and the OCSP
URL.
In the WebUI
1. Navigate to the Configuration > Management > Certificates > Upload page.
2. Enter a name in the Certificate Name field. This name identifies the certificate you are uploading.
3. Enter the certificate file name in the Certificate Filename field, or use the Browse button to select the
file and fill in its full pathname.
4. Select the certificate format from the Certificate Format drop-down menu.
5. Select OCSP Responder Cert from the Certificate Type drop-down menu.
A revocation check method (OCSP or CRL) can be chosen independently for each revocation checkpoint. This
example describes only the OCSP check method.
Once uploaded, the certificate is kept in the certificate store for OCSP responder certificates. The
certificates in that store are the ones used to verify the signature on OCSP responses the switch receives;
a response signed by a responder whose certificate is not in the store fails verification.
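The following script is an added example and is not part of this guide or of AOS-W; it walks through both halves described above with the openssl command-line tool, entirely offline. A throwaway lab PKI (the CA name "Lab Issuing CA", the delegated responder "Lab OCSP Responder", the serials 0x1001 and 0x1002, and the temporary directory are all assumptions of the example) stands in for the real certificates. The responder side answers an unsigned request from a CA index file, which mirrors the switch responder accepting unsigned requests; the client side verifies the response signature only against an explicitly trusted responder certificate (openssl's -VAfile), which plays the role of the OCSP responder certificate store on the switch. The guide does not give the request path on port 8084, so the script does not POST to a switch; the DER request it writes is what such a POST would carry.

```shell
#!/bin/sh
# Added example, not code from the AOS-W guide: offline OCSP round trip with openssl.
# Assumed lab PKI: names, serials and the temp directory are invented for the demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

make_lab_pki() {
  # Issuing CA whose certificates we will check (assumed lab CA, constructed here)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Issuing CA" \
    -keyout ca.key -out ca.pem 2>/dev/null
  # Delegated OCSP responder certificate: the one the client will be told to trust
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Lab OCSP Responder" \
    -keyout responder.key -out responder.csr 2>/dev/null
  printf 'extendedKeyUsage=OCSPSigning\n' > ocsp.ext
  openssl x509 -req -in responder.csr -CA ca.pem -CAkey ca.key -set_serial 0x0F \
    -days 30 -extfile ocsp.ext -out responder.pem 2>/dev/null
  # Two end-entity certificates; serial 0x1002 will be listed as revoked
  for name in good revoked; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout "$name.key" -out "$name.csr" 2>/dev/null
  done
  openssl x509 -req -in good.csr -CA ca.pem -CAkey ca.key -set_serial 0x1001 \
    -days 30 -out good.pem 2>/dev/null
  openssl x509 -req -in revoked.csr -CA ca.pem -CAkey ca.key -set_serial 0x1002 \
    -days 30 -out revoked.pem 2>/dev/null
  # Revocation data in "openssl ca" index format (constructed):
  # status, expiry, revocation date, serial (hex), file, subject
  printf 'V\t351231235959Z\t\t1001\tunknown\t/CN=good\n' > index.txt
  printf 'R\t351231235959Z\t250101000000Z\t1002\tunknown\t/CN=revoked\n' >> index.txt
}

build_request() {
  # Unsigned request (no -signer). The switch responder accepts these and does
  # not check request signatures anyway, so signing would add nothing.
  openssl ocsp -issuer ca.pem -cert good.pem -cert revoked.pem -no_nonce \
    -reqout req.der 2>/dev/null
}

answer_request() {
  # Responder side: look each certID up in index.txt and sign the answer with
  # the delegated responder key. req.der is what a client would POST to port 8084.
  openssl ocsp -index index.txt -CA ca.pem -rsigner responder.pem -rkey responder.key \
    -reqin req.der -no_nonce -respout resp.der 2>/dev/null
}

ocsp_status() {
  # Client side: accept resp.der only if signed by the trusted responder cert
  # (-VAfile, the counterpart of the switch's OCSP responder certificate store),
  # then print the status of one certificate: good, revoked or unknown.
  openssl ocsp -issuer ca.pem -cert "$1" -no_nonce -respin resp.der \
    -VAfile responder.pem 2>/dev/null | sed -n "s/^$1: //p"
}

response_verifies() {
  # Exit status 0 only if resp.der verifies against the trust file in $1.
  # With a certificate that is not the responder's, verification must fail.
  openssl ocsp -issuer ca.pem -cert good.pem -no_nonce -respin resp.der \
    -VAfile "$1" >/dev/null 2>&1
}

make_lab_pki
build_request
answer_request
for c in good.pem revoked.pem; do
  printf '%s: %s\n' "$c" "$(ocsp_status "$c")"
done
if response_verifies good.pem; then
  echo "unexpected: response accepted with a non-responder certificate as trust anchor"
else
  echo "response rejected when the responder certificate is not trusted, as expected"
fi
```

The two client-side functions make the security point of the responder certificate upload concrete: the same response is accepted when the trust file holds the responder's certificate and rejected when it holds any other certificate, because no CA store is consulted for the signature check. To query a real switch instead, the request built by build_request would be sent to the responder on port 8084 with openssl's -url option, using whatever request path the switch expects.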