Page History
| Add_workflow_for_techpubs | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
| borderColor | green |
|---|---|
| bgColor | transparent |
| borderWidth | 2 |
...
| Panel | ||||
|---|---|---|---|---|
In this section:
|
...
When a peer sends certificates, an OCSP client (e.g. SIPFE) issues a status request to an OCSP responder and suspends acceptance of the certificates in question until the responder provides a response. The OCSP client needs the address/URL of the OCSP responder, the certificate to be checked, and the certificate issuer’s certificate. The OCSP URL can be FQDN or IPv4 address plus port number.
The
| Spacevars | ||
|---|---|---|
|
SBC supports adding OCSP configuration to an existing/new TLS profile, and performing automatic OCSP checking in OpenSSL library without making substantial changes to OCSP clients (SIPFE, etc.). The OCSP clients may be involved when OCSP checking returns errors. The user may create up to four OCSP profiles per system as described in "Key Concepts" section below.
...
- OCSP capability
- enabled
- disabled (default)
- Default responder URI (default: blank):
- IPv4 address and port number, or
- FQDN
- AIA override:
- enabled - Forces the use of configured Default responder for OCSP validation regardless of whether or not the certificate being validated references a responder by AIA.
- disabled (default) - The responder referenced via AIA by the certificate being validated is used, or the Default responder as configured is used only if the AIA is not available.
- OCSP Stapling
- disabled (default)
- enabled
- OCSP response waiting time - If the corresponding OCSP response does not return before the time expires after sending an OCSP request, the response is considered unavailable.
- Range: 1-16 seconds, default = . Default: 2.
- OCSP Response Caching Timer
- Range: 1-30 days. Default: 1.
| Note |
|---|
| The configured default responder may point to the certificate authority (CA) that issued the certificate in question, a Trusted Responder whose public key is trusted by the SBC, or a CA Authorized Responder (or Delegated Trust Responder in UCR term) that is designated by one or more CAs. |
...
When the
| Spacevars | ||
|---|---|---|
|
To View
...
OCSP Profiles
On SBC main screen, go to Configuration > System Provisioning > Security Configuration > Ocsp Profile. The Ocsp Profile window is displayed.
| Caption | ||||
|---|---|---|---|---|
| ||||
To Edit
...
an OCSP Profile
To edit any of the Ocsp Profile in the list, click the radio button next to the specific Ocsp Profile name.
| Caption | ||||
|---|---|---|---|---|
| ||||
The Edit Selected Ocsp Profile window is displayed belowas in the following figure.
| Caption | ||||
|---|---|---|---|---|
| ||||
...
Make the required changes and click Save at the right hand bottom of the panel to save the changes made.
To Create
...
an OCSP Profile
To create a new Ocsp Profile, click New Ocsp Profile tab on on the Ocsp Profile List panel.
| Caption | ||||
|---|---|---|---|---|
| ||||
The Create New Ocsp Profile window is displayed.
...
| Caption | ||||
|---|---|---|---|---|
| ||||
Parameter | Description | |||||
|---|---|---|---|---|---|---|
Ocsp Name | Specifies the name of the Ocsp Profile to be created. | |||||
| The administration state of this OCSP profile. The options are:
Note | Note: The OCSP statistics counters for a configured OCSP profile can be reset by disabling and re-enabling the profile’s state. | ||||
Default Responder | Enter default OCSP responder URL: IPv4 address, or FQDN. | |||||
Aia Override | Enable flag to override OCSP responder specified in certificate's AIA. The options are: disabled
| |||||
| OCSP Stapling | Use this flag to enable or disable OCSP stapling. OCSP stapling allows you to provide the validity information of your security certificate.
|
The
| ||||
| Response Wait Time | Specifies the OCSP response waiting time, in seconds. If response is not received within this period, the server is considered unavailable. | |||||
| OCSP Response Caching Timer | Configure this parameter with the timer (in days) for the OCSP response caching. The range is 1-30, and the default is 1. The
|
To Copy an Ocsp Profile
To copy any of the created an Ocsp Profile and to make any minor changes, click the radio button next to the specific Ocsp Profile to highlight the row.
...
| 0 | Figure |
|---|---|
| 1 | Security Configuration - Ocsp Profile Highlighted |
Click Copy Ocsp Profile tab on the Ocsp Profile List panel.
| Caption | ||||
|---|---|---|---|---|
| ||||
The Copy Selected Ocsp Profile window is displayed along with the field details which can be edited.
| Caption | ||||
|---|---|---|---|---|
| ||||
...
Make the required changes to the required fields and click Save to save the changes. The copied Ocsp Profile is displayed at the bottom of the original Ocsp Profile in the Ocsp Profile List panel.
To Delete an Ocsp Profile
- To delete any of the created Ocsp Profile, click the radio button next to the specific Ocsp Profile which you want to delete.
...
| 0 | Figure |
|---|---|
| 1 | Security Configuration - Ocsp Profile Highlighted |
...
- Click the X at the end of the highlighted row.
...
- Confirm the deletion when prompted
| Caption | ||||
|---|---|---|---|---|
| ||||
...
- .
Overview
Content Tools