Configure The Ocsp Method - Polycom RealPresence Group Series Administrator's Manual

Configure the OCSP Method

Use the OSCP method for revocation checking.
Procedure
1. In the system web interface, go to Admin Settings > Security > Certificates > Revocation.
2. Configure the following settings and select Save.
Setting
Revocation Method
Allow Incomplete Revocation Checks
Global Responder Address
Use Responder Specified in Certificate
Polycom, Inc.
Description
To use the OCSP revocation method, select OCSP.
When enabled, your system considers a revocation
check successful if there is no response or the OCSP
responder indicates a certificate's status is unknown.
Regardless of how you configure this setting, the
following statements apply:
• If the OCSP responder indicates a known revoked
status, your system treats it as a revocation check
failure and doesn't allow the connection.
• If the OCSP responder indicates a known good
status, your system treats it as a successful
revocation check and allows the connection.
Specifies the URI of the OCSP responder (for example,
http://responder.example.com/ocsp). The
responder is used when Use Responder Specified in
Certificate is disabled and sometimes even when it's
enabled. Polycom recommends that you always include
a URI in this field regardless of how you configure Use
Responder Specified in Certificate.
Some certificates include the OCSP responder
address. When you enable this setting, your system
attempts to use this address (when present) instead of
the Global Responder Address you specified.
Note: Only HTTP URLs in a certificate's AIA field are
supported.
Securing the System
119