Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 7 Managing Network Resources
Note: If you want ACS to forward unknown RADIUS attributes, you must define VSAs for proxy.
Related Topics
RADIUS and TACACS+ Proxy Services, page 3-7
RADIUS and TACACS+ Proxy Requests, page 4-29
Configuring General Access Service Properties, page 10-13
Deleting External Proxy Servers, page 7-21
Deleting External Proxy Servers
To delete an external proxy server:
Step 1 Choose Network Resources > External Proxy Servers.
The External Proxy Servers page appears with a list of configured servers.
Step 2 Check one or more check boxes next to the external RADIUS or TACACS+ servers you want to delete,
and click Delete.
The following message appears:
Are you sure you want to delete the selected item/items?
Step 3 Click OK.
The External Proxy Servers page appears without the deleted server(s).
Working with OCSP Services
ACS 5.4 introduces support for the Online Certificate Status Protocol (OCSP), which is used to check
the status of X.509 digital certificates. This protocol can be used as an alternative to the certificate
revocation list (CRL). It can also address the issues that result when handling CRLs.
ACS 5.4 communicates with OCSP services over HTTP to validate the status of the certificates in
authentications. OCSP is configured in a reusable configuration object, and OCSP can be referenced
from any certificate authority (CA) certificate that is configured in ACS. Multiple CA objects can
reference the same OCSP service.
You can configure up to two OCSP servers in ACS, which are called the primary and secondary OCSP
servers. ACS communicates with the secondary OCSP server when a timeout occurs while it is
communicating with the primary OCSP server.
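The primary/secondary behavior described above, sketched as an added Python example (not ACS code and not from the guide). The function names, the 5-second default timeout, and the example URLs are assumptions; the media types are those RFC 6960 defines for OCSP over HTTP.

```python
import socket
import urllib.request

# Media types for OCSP over HTTP POST (RFC 6960, Appendix A).
REQ_TYPE = "application/ocsp-request"
RESP_TYPE = "application/ocsp-response"


def post_ocsp(url, request_der, timeout):
    """POST a DER-encoded OCSPRequest; return the raw DER OCSPResponse."""
    req = urllib.request.Request(url, data=request_der, method="POST",
                                 headers={"Content-Type": REQ_TYPE})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if resp.headers.get_content_type() != RESP_TYPE:
            raise ValueError("unexpected content type from " + url)
        return resp.read()


def is_timeout(exc):
    """urllib raises a timeout directly or wrapped in URLError.reason."""
    reason = getattr(exc, "reason", exc)
    return isinstance(reason, (TimeoutError, socket.timeout))


def query_with_failover(primary, secondary, request_der,
                        timeout=5.0, send=post_ocsp):
    """Return (responder_used, response_der).
    Assumption: only a timeout on the primary triggers the secondary, which
    is the one condition the guide names; any other error is raised.
    The caller must still verify the response signature before trusting it.
    """
    try:
        return "primary", send(primary, request_der, timeout)
    except Exception as exc:
        if secondary is None or not is_timeout(exc):
            raise
    return "secondary", send(secondary, request_der, timeout)


if __name__ == "__main__":
    def fake_send(url, request_der, timeout):  # constructed transport
        if "primary" in url:
            raise TimeoutError("simulated timeout")
        return b"constructed-response"
    print(query_with_failover("http://ocsp-primary.example/ocsp",
                              "http://ocsp-secondary.example/ocsp",
                              b"constructed-request", send=fake_send))
```

Because the secondary is tried only after the primary's timeout expires, the worst-case delay added to an authentication is roughly twice the configured timeout.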
OCSP can return the following three values for a given certificate request:
Good—The certificate is good for usage.
Revoked—The certificate is revoked.