Black Box ET0010A User Manual

Validating Certificates
EncrypTight User Guide 291
NOTE
For enhanced security, if you want to validate certificates using OCSP only, disable the options Ignore Failure to Respond and Revert to CRL on OCSP Responder Failure.
To set up OCSP in the ETKMS:
1 Log in directly on the ETKMS as root, or open an SSH session and su to root.
2 Using a text editor, open the kdist.properties file and add or edit the following lines:
#crlPath=../keys/current.crl
ocspEnabled=true
ocspDefaultResponderURL=http://<IPaddress:Port#>
ocspCRLFallbackEnable=true
#ignoreRevocationCheckErrors=false
To set up OCSP on the ETEPs:
1 In the Appliance manager, right click on the appliance that you want to change and select Configuration.
2 Click the Advanced tab.
3 Click Enable OCSP.
4 In the OCSP URL box, enter the URL of the OCSP responder.
5 Make other selections as needed. See  for an explanation of the OCSP settings.
6 Click OK.
Table 80  ETKMS OCSP Parameters

Parameter                     Description
crlPath                       The directory path to a CRL stored locally. Storing CRLs locally is not supported when you use OCSP. When you use OCSP, this parameter should be commented out by preceding the line with a #.
ocspEnabled                   Enables and disables the use of OCSP.
ocspDefaultResponderURL       IP address and port number for a default OCSP responder, for example: http://192.168.42.4:8888
ocspCRLFallbackEnable         Enables and disables checking CRLs if no OCSP default responder is specified and no OCSP URL is found in the certificate, or when a responder cannot be reached.
ignoreRevocationCheckErrors   Specifies whether to ignore revocation check failures for CRLs. When you use OCSP, this parameter should be commented out by preceding the line with a #. Ignoring revocation check failures is not a valid option when OCSP is in use.
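As an added example that is not part of the Black Box manual, the script below lints the OCSP lines of a kdist.properties file against the rules in the ETKMS procedure above and Table 80: crlPath and ignoreRevocationCheckErrors must be commented out, ocspDefaultResponderURL must have the http://<IPaddress:Port#> form, and for the OCSP-only setup the NOTE describes, CRL fallback must be off. The key=value file format, the sample file contents and all function names are assumptions.

```python
import re

# Keys whose settings Table 80 describes.
OCSP_KEYS = {"crlPath", "ocspEnabled", "ocspDefaultResponderURL",
             "ocspCRLFallbackEnable", "ignoreRevocationCheckErrors"}

# Constructed sample: the manual's template, responder URL still unfilled.
MANUAL_TEMPLATE = """\
#crlPath=../keys/current.crl
ocspEnabled=true
ocspDefaultResponderURL=http://<IPaddress:Port#>
ocspCRLFallbackEnable=true
#ignoreRevocationCheckErrors=false
"""

def parse_ocsp_keys(text):
    """Return the OCSP-related keys that are active (not commented out with #)."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank, commented out, or not a key=value line
        key, _, value = line.partition("=")
        if key.strip() in OCSP_KEYS:
            active[key.strip()] = value.strip()
    return active

def responder_url_ok(url):
    """True if url has the http://<IPaddress:Port#> shape the manual requires."""
    m = re.fullmatch(r"http://(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})", url)
    if not m:
        return False
    octets_ok = all(int(o) <= 255 for o in m.group(1).split("."))
    return octets_ok and 1 <= int(m.group(2)) <= 65535

def check_ocsp_config(text, ocsp_only=False):
    """Return a list of findings; an empty list means the file follows Table 80."""
    active = parse_ocsp_keys(text)
    findings = []
    if active.get("ocspEnabled", "").lower() != "true":
        findings.append("ocspEnabled is not set to true")
    if "crlPath" in active:
        findings.append("crlPath must be commented out (#) when OCSP is used")
    if "ignoreRevocationCheckErrors" in active:
        findings.append("ignoreRevocationCheckErrors must be commented out (#) with OCSP")
    if not responder_url_ok(active.get("ocspDefaultResponderURL", "")):
        findings.append("ocspDefaultResponderURL is not of the form http://<IPaddress:Port#>")
    if ocsp_only and active.get("ocspCRLFallbackEnable", "").lower() == "true":
        findings.append("OCSP-only validation requires ocspCRLFallbackEnable=false")
    return findings
```

Run check_ocsp_config on the file before restarting the ETKMS; the unfilled template yields one finding (the placeholder URL) and a second with ocsp_only=True (fallback still enabled).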
Table 81  OCSP Settings

Option                  Description
Enable OCSP             When checked, enables the use of OCSP. The default is unchecked.
Verify OCSP Response    Verifies OCSP responses by authenticating the response with the installed certificate. The default is to verify the OCSP response.