Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol (OCSP) is a protocol used to provide real-time validation of a certificate's status. An OCSP responder answers certificate status requests and issues one of three responses:
- Valid
- Invalid
- Unknown
The online responder service implements OCSP by decoding revocation status requests for specific certificates. The service evaluates the status requests for these certificates and sends back a signed response containing the requested certificate status information.
Note
CipherTrust KMS refers to one of the Key Management Servers, i.e., CipherTrust Manager or KeySecure.
Supported Product Versions
This integration is validated on the following operating system variants:
Windows
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
CipherTrust Manager
- CipherTrust Manager 1.4 or higher
CipherTrust KMS
- KeySecure 8.4.3 or higher
CADP
- 8.9.2 or higher
Prerequisites
Ensure that the CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager Documentation.
Thycotic communicates with the CipherTrust Manager using the Network Attached Encryption (NAE)-XML Interface. Ensure that the NAE-XML interface is configured. For more details, refer to the CipherTrust Manager Documentation.
Ensure that the port configured on the NAE-XML interface is accessible from the Thycotic machine.
Ensure that SSL is set up (refer to Setting up SSL).
Steps For The Integration
To integrate OCSP with the CipherTrust Manager: