
Rohde & Schwarz GP-E - OCSP;CRL Settings; Truststore

Rohde & Schwarz GP-E
233 pages
User Interface
R&S®GP-E/GP-S
User Manual v16.2.1 ─ 01, page 126
6. Click "Create" to add the new template to the list of available templates.
3.4.8.3 OCSP/CRL Settings
Enable the OCSP and/or CRL services to allow clients to verify the validity of certificates issued by the central firewall.
If an employee leaves the company or a private key is lost, the corresponding certificate must be blocked to protect the company's security. This has to be done on the firewall that issued the certificate. Deleting a certificate on the issuing firewall always revokes it. To make the status of a certificate accessible to other firewalls, gateprotect Firewall offers two distinct services:
- OCSP (Online Certificate Status Protocol) – The remote firewall requests the status of the certificate from the issuing firewall at the moment the certificate is needed.
- CRL (Certificate Revocation List) – The firewall is able to provide static revocation lists in predefined intervals which can be downloaded by remote firewalls. Then the application only has to check whether the current CRL lists the certificate as blocked.
To use OCSP and/or CRL, the services first have to be activated once with the necessary settings. When creating or renewing a CA, you have to specify whether OCSP and/or CRL requests should be sent and under which addresses (URLs) these services are offered. These options are stored in the certificates themselves, so applications or remote firewalls know where to check the status of a certificate. For further information, see "Certificates Settings" on page 123.
The "OCSP/CRL" settings allow you to configure the following elements:
| Field | Description |
|---|---|
| "On" / "Off" | A slider switch indicates whether the appropriate service is active ("On") or inactive ("Off"). By clicking the slider switch, you can toggle the state of both services individually. Both options are deactivated by default. |
| "Validity Period" | Specify the cache time (in minutes) which is sent in the HTTP header to requesting firewalls. After this period has elapsed, new requests will be answered. The default cache time is set to 60 minutes. |
The buttons at the bottom right of the editor panel allow you to close ("Close") the editor panel as long as no changes have been made, and to store ("Save") or discard ("Reset") your changes.
Click "Activate" in the toolbar at the top of the desktop to apply your configuration changes.
3.4.8.4 Truststore
Navigate to "Cert. Management > Truststore > Custom Certificates" and to "Cert. Management > Truststore > System Certificates" to display, in the item list bar, the custom and system certificate authorities currently defined on the system that the SSL proxy trusts or does not trust for external connections.