Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

ProtectServer 3 HSM and ProtectToolkit 7
ProtectServer 2 HSM and ProtectToolkit 5
ProtectServer 3 HSM Integration Guides

All

All

Microsoft Online Certificate Status Protocol (OCSP)

Overview

ProtectServer 3 HSM Integration Guides
Apache Tomcat
- Overview
- Getting started
- Generating a new SSL certificate and key on a ProtectServer 3 HSM
CyberArk Vault
- Overview
- Getting started
- Generating a CyberArk Vault server key on a ProtectServer 3 HSM
- Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM
HashiCorp Vault
- Overview
- Getting started
- Configuring HashiCorp Vault
- Rotating HashiCorp Vault Keys
Microsoft Active Directory Certificate Services (ADCS)
- Overview
- Getting started
- Installing Microsoft ADCS on Windows Server using SafeNet KSP
- Enrolling the certification authority certificate
- Archiving the CA key
- Performing a key recovery
Microsoft Online Certificate Status Protocol (OCSP)
- Overview
- Getting started
- Setting up an enterprise root certificate authority
- Installing the Online Responder service
- Configuring CA to issue OCSP response signing certificates
- Creating a revocation configuration
- Verifying auto-enrollment
- Validating OCSP integration
- Troubleshooting
OpenSSL
- Overview
- Getting started
- Configuring OpenSSL and GemEngine for a ProtectServer 3 HSM
Oracle Database Transparent Data Encryption (TDE)
- Overview
- Getting started
- Granting the Oracle Database access to the PKCS#11 library
- Configuring a master encryption key for HSM-based encryption
- Verifying that the master encryption key is encrypting the database

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

Home
ProtectServer 3 HSM Integration Guides
Microsoft Online Certificate Status Protocol (OCSP)
Overview

Overview

This document guides security administrators through the procedure for installing, configuring and integrating Microsoft Online Certificate Status Protocol (OCSP) with a ProtectServer 3 HSM. Microsoft OCSP uses the ProtectServer 3 HSM to secure signing keys for OCSP operations. The Microsoft Online Responder service implements the OCSP by decoding revocation status requests for specific certificates. The service evaluates the status request for these certificates and sends back a signed response containing the requested certificate status information. The integration between ProtectServer 3 HSMs and OCSP uses the industry standard PKCS#11 interface to generate the identity keys and provide security by protecting the identity private keys within an HSM. The benefits of using ProtectServer 3 HSMs to generate the signing keys for OCSP are the following:

Secure generation, storage, and protection of the private keys on FIPS-validated hardware.
Full life-cycle management of the keys.
Significant performance improvements by off-loading cryptographic operations from signing servers.

About the Microsoft Online Responder

The Microsoft OCSP implementation is separated into client and server components.

The client component is built into the Crypto API 2.0 library

Microsoft Online Responder Client Component

Microsoft Online Responder Components after integration with ProtectServer 3 HSM

Microsoft Online Responder HSM Integration

On this page

ProtectServer HSM and ProtectToolkit

© Copyright 2019-2024, Thales Group
Last Updated: 2024-11-05 11:15:59

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Document Conventions
- Support Contacts
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com