Filter
Top Products
229 | CertificateRevocation DellPowerConnectW-SeriesArubaOS6.2 | User Guide
The OCSP responder on the controller is accessible over HTTP port 8084. This port is not configurable by the
administrator. Although the OCSP responder accepts signed OCSP requests, it does not attempt to verify the
signature before processing the request. Therefore, even unsigned OCSP requests are supported.
The controller as an OCSP responder provides revocation status information to ArubaOS applications that are using
CRLs. This is useful in small disconnected networks where clients cannot reach outside OCSP server to validate
certificates. Typical scenarios include client to client or client to other server communication situations where the
certificates of either party need to be validated.
Configuring the Controller as an OCSP Client
When OCSP is used as the revocation method, you need to configure the OCSP responder certificate and the OCSP
URL.
In the WebUI
1. Navigate to the Configuration > Management > Certificates > Upload page.
2. Enter a name in the Certificate Name field. This name identifies the certificate you are uploading.
3. Enter the certificate file name in the Certificate Filename field. Use the Browse button to enter the full
pathname.
4. Select the certificate format from the Certificate Format drop-down menu.
5. Select OCSP Responder Cert from the Certificate Type drop-down menu.
NOTE: A revocation check method (OCSP or CRL) can be chosen independently for every revocation checkpoint. In this example, we
are only describing the OCSP check method.
Once this certificate is uploaded it is maintained in the certificate store for OCSP responder certificates. These
certificates are used for signature verification.
Figure 66: Upload a certificate
6. Click Upload. The certificate appears in the Certificate Lists pane.
7. For detailed information about an uploaded certificate, click View next to the certificate.