366 | Certificate Revocation Dell Networking W-Series ArubaOS 6.4.x| User Guide
Configuring an OCSP Controller as a Responder
The controller can be configured to act as an OCSP responder (server) and respond to OCSP queries from
clients that want to obtain revocation status of certificates.
The OCSP responder on the controller is accessible over HTTP port 8084. You cannot configure this port.
Although the OCSP responder accepts signed OCSP requests, it does not attempt to verify the signature before
processing the request. Therefore, even unsigned OCSP requests are supported.
The controller as an OCSP responder provides revocation status information to Dell applications that use CRLs.
This is useful in small disconnected networks where clients cannot reach an outside OCSP server to validate
certificates. Typical scenarios include client-to-client communication, or communication between a client and
another server, where the certificates of either party need to be validated.
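To make the signed/unsigned distinction above concrete, the following added example (not from this guide or from ArubaOS) builds and inspects the RFC 6960 OCSPRequest structure using only the Python standard library. The function names are hypothetical, and the issuer name, issuer key, serial number and signature bytes used with it are constructed placeholders.

```python
import hashlib
SHA1_OID = bytes.fromhex("2b0e03021a")                # id-sha1, 1.3.14.3.2.26
RSA_SHA256_OID = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def children(body):
    """Split a DER body into its (tag, value) elements; raise on truncation."""
    out, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated DER header")
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:                      # long-form length
            k = length & 0x7F
            length = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        if pos + length > len(body):
            raise ValueError("truncated DER element")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def build_request(issuer_name, issuer_key, serial, signature=None):
    """OCSPRequest for one certificate; signature=None leaves it unsigned."""
    cert_id = tlv(0x30, tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
                  + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    tbs = tlv(0x30, tlv(0x30, tlv(0x30, cert_id)))  # TBSRequest > requestList > Request
    sig = b"" if signature is None else tlv(0xA0, tlv(0x30,  # [0] optionalSignature
        tlv(0x30, tlv(0x06, RSA_SHA256_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + signature)))
    return tlv(0x30, tbs + sig)

def inspect_request(der):
    """Return (is_signed, serial) for a DER OCSPRequest."""
    (tag, body), = children(der)               # exactly one outer element
    parts = children(body)                     # tbsRequest [, optionalSignature]
    if tag != 0x30 or not parts or parts[0][0] != 0x30:
        raise ValueError("not an OCSPRequest")
    signed = len(parts) == 2 and parts[1][0] == 0xA0
    # Skip the optional [0] version / [1] requestorName and take requestList.
    req_list = next(v for t, v in children(parts[0][1]) if t == 0x30)
    cert_id = children(children(req_list)[0][1])[0][1]
    return signed, int.from_bytes(children(cert_id)[3][1], "big")
```

Because the responder does not check the optional signature, both forms are processed the same way; `inspect_request` only reports which form a given request body takes.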
Configuring the Controller as an OCSP Client
When OCSP is used as the revocation method, you need to configure the OCSP responder certificate and the
OCSP URL.
In the WebUI
1. Navigate to the Configuration > Management > Certificates > Upload page.
2. Enter a name in the Certificate Name field. This name identifies the certificate you are uploading.
3. Enter the certificate file name in the Certificate Filename field. Use the Browse button to enter the full
pathname.
4. Select the certificate format from the Certificate Format drop-down menu.
5. Select OCSP Responder Cert from the Certificate Type drop-down menu.
A revocation check method (OCSP or CRL) can be chosen independently for every revocation checkpoint. This
example describes only the OCSP check method.
Once this certificate is uploaded, it is maintained in the certificate store for OCSP responder certificates.
These certificates are used for signature verification.