A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Appendix A: X.509 Certificates and Insight Remote Support Advanced
Figure A.2. Remote Support Software Management (RSSWM)
CRL Checking
The RSC can optionally check each certificate in the chain for revocation. At least three methods are
used:
1. Checking a local copy of the associated CRL
2. Checking a copy of the associated CRL available in an LDAP database
3. Querying a certificate status server using the Online Certificate Status Protocol (OCSP)
The CRL Distribution Point attribute of an X.509 certificate is a list of Uniform Resource Identifiers (URIs)
that indicates where the CRL can be located. Likewise, the certificate’s Authority Information Access attribute
can contain the URI of an OCSP server. Whichever method is used, the revocation information must be signed by
the certificate’s issuer so that its authenticity can be verified. Otherwise, denial-of-service attacks are possible.
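An added example (not from the HP document and not the RSC's own code) using Python's `cryptography` package: it reads the CRL Distribution Point and OCSP URIs from a certificate, then uses a CRL only when the certificate's issuer signed it. The CA, keys, names and `example.test` URIs are constructed test values, and all function names are hypothetical.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID as AIA, NameOID

# Everything below is constructed test data: CA name, validity dates, URIs.
T0, T1 = datetime.datetime(2024, 1, 1), datetime.datetime(2034, 1, 1)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
URI = x509.UniformResourceIdentifier

def new_key():
    return ec.generate_private_key(ec.SECP256R1())

def make_cert(ca_key, serial):
    """Issue a sample certificate that carries both revocation pointers."""
    cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
        full_name=[URI("http://crl.example.test/ca.crl")],
        relative_name=None, reasons=None, crl_issuer=None)])
    aia = x509.AuthorityInformationAccess(
        [x509.AccessDescription(AIA.OCSP, URI("http://ocsp.example.test"))])
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "device.example.test")])
    return (x509.CertificateBuilder().subject_name(name).issuer_name(CA_NAME)
            .public_key(new_key().public_key()).serial_number(serial)
            .not_valid_before(T0).not_valid_after(T1)
            .add_extension(cdp, critical=False).add_extension(aia, critical=False)
            .sign(ca_key, hashes.SHA256()))

def make_crl(signing_key, revoked_serials):
    """Build a CRL naming CA_NAME as issuer, signed with whatever key is given."""
    b = x509.CertificateRevocationListBuilder().issuer_name(CA_NAME).last_update(T0).next_update(T1)
    for s in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(s).revocation_date(T0).build())
    return b.sign(signing_key, hashes.SHA256())

def revocation_sources(cert):
    """Return (CRL URIs, OCSP URIs) listed in the certificate's extensions."""
    cdp = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
    crls = [n.value for dp in cdp for n in (dp.full_name or [])]
    ocsp = [d.access_location.value for d in aia if d.access_method == AIA.OCSP]
    return crls, ocsp

def crl_status(cert, crl, issuer_public_key):
    """Use a CRL only if the certificate's issuer signed it."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(issuer_public_key):
        return "rejected"  # unauthenticated data must not change the verdict
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"
```

A CRL that lists the certificate's serial number but carries a signature from any key other than the issuer's comes back as `rejected`, so it cannot mark a valid certificate as revoked.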