OCSP Profiles

Note: OCSP routed via CC will work only with the latest version of CC.

You can create the following OCSP profile by going to PKI+ > Validation Authority > OCSP:

OCSP Signing: By default, an OCSP signing certificate is created along with a new CA creation. Clicking this field lists all the valid OCSP signing certificates available in the AppViewX PKIaaS inventory along with common name, serial number, issuer common name, extended key usage, and status.

Note: Only one OCSP signing certificate is active at any given point of time.

If you want to activate a selected OCSP signing certificate, you can do it from Actions > OCSP Signing. The OCSP configuration is updated with the selected certificate.
Note: An OCSP signing certificate can be revoked only on deleting the CA. If an OCSP signing certificate is revoked or deleted from the CERT+ > Certificate Inventory > Server page, then the OCSP responder will not work. To remediate this action, you can create a new OCSP signing certificate by going to CERT+ > Certificate Action > Enroll Certificate and following the procedure explained in the Section, Creating OCSP Signing Certificate.