Configure the following parameters of the OCSP responder service provided by the Certification Authority.
Profile ID
The identifier of the profile for processing the certificate status before generating an OCSP response. See below for the response settings defined by each profile.
Profile identifier | nextUpdate | id-pkix-ocsp-archive-cutoff | Status if unknown | Revocation date |
---|---|---|---|---|
basic | — | — | revoked | Jan 1 00:00:00 1970 GMT |
archiveCutOff | — | notBefore date of the CA certificate | revoked | Jan 1 00:00:00 1970 GMT |
nextUpdate | thisUpdate + 8 hours | — | revoked | Jan 1 00:00:00 1970 GMT |
archiveCutOffWithNextUpdate | thisUpdate + 8 hours | notBefore date of the CA certificate | revoked | Jan 1 00:00:00 1970 GMT |
CRLProfile | — | — | good | — |
CRLProfileWithArchiveCutOff | — | notBefore date of the CA certificate | good | — |
SNListProfile | — | — | unknown | — |
SNListProfileWithArchiveCutOff | — | notBefore date of the CA certificate | unknown | — |
See below for the Certificates Source and Use SN Lists values supported by each profile.
Profile identifier | Certificates Source | Use SN Lists |
---|---|---|
basic | CAGW | — |
archiveCutOff | CAGW | — |
nextUpdate | CAGW | — |
archiveCutOffWithNextUpdate | CAGW | — |
CRLProfile | CRL | False |
CRLProfileWithArchiveCutOff | CRL | False |
SNListProfile | CRL | True |
SNListProfileWithArchiveCutOff | CRL | True |
Mandatory: Yes.
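To confirm that a deployed responder behaves as the selected profile specifies, query it for a serial number it does not know and compare the response with the tables above. The following Python check is an added example, not Entrust code: it assumes the response was dumped as text in the layout of `openssl ocsp -resp_text`, that a dash in the tables means the field is absent from the response, and its function names and sample response are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Per-profile settings transcribed from the two tables above:
# (nextUpdate offset in hours or None, archive cutoff present, status if unknown)
PROFILES = {
    "basic": (None, False, "revoked"),
    "archiveCutOff": (None, True, "revoked"),
    "nextUpdate": (8, False, "revoked"),
    "archiveCutOffWithNextUpdate": (8, True, "revoked"),
    "CRLProfile": (None, False, "good"),
    "CRLProfileWithArchiveCutOff": (None, True, "good"),
    "SNListProfile": (None, False, "unknown"),
    "SNListProfileWithArchiveCutOff": (None, True, "unknown"),
}
EPOCH = datetime(1970, 1, 1)  # "Jan 1 00:00:00 1970 GMT" in the table

# Constructed sample, laid out like `openssl ocsp -resp_text` output (assumed format).
SAMPLE = """\
    Cert Status: revoked
    Revocation Time: Jan  1 00:00:00 1970 GMT
    This Update: May 10 12:00:00 2024 GMT
    Next Update: May 10 20:00:00 2024 GMT
"""

def _time(label, text):
    """Return the timestamp printed after `label:`, or None when the field is absent."""
    m = re.search(label + r":\s*(\w{3}\s+\d+\s+[\d:]+\s+\d{4}) GMT", text)
    return datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S %Y") if m else None

def matching_profiles(text):
    """List the profiles whose documented settings agree with this response,
    which must be the answer for a serial the responder does not know."""
    status = re.search(r"Cert Status:\s*(\w+)", text).group(1)
    this, nxt = _time("This Update", text), _time("Next Update", text)
    has_cutoff = "Archive Cutoff" in text
    found = []
    for name, (hours, cutoff, unknown_status) in PROFILES.items():
        want_next = this + timedelta(hours=hours) if hours else None
        ok = status == unknown_status and has_cutoff == cutoff and nxt == want_next
        if unknown_status == "revoked":  # these profiles pin the revocation date to the epoch
            ok = ok and _time("Revocation Time", text) == EPOCH
        if ok:
            found.append(name)
    return found

if __name__ == "__main__":
    print(matching_profiles(SAMPLE))  # ['nextUpdate']
```

An empty result, or a profile other than the configured one, means the responder's answer for unknown serials differs from what the selected profile documents.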
Response Hash Algorithm
The hash algorithm used by the OCSP response signature algorithm. Supported values are the following.
- sha256
- sha384
- sha512
Mandatory: No. This optional value defaults to sha256.
CA certificate
Click Select Files to import the certificate of the CA that issues the certificates validated by Entrust Validation Authority.
Each certificate file must contain a certificate in PEM format and Base64 encoding.
Mandatory: Yes.
VA certificate
The certificate described in Generating a VA certificate and key pair. Click Select Files to import this certificate from file.
Each certificate file must contain a certificate in PEM format and Base64 encoding.
Mandatory: Yes.
Use RSA-PSS
Check this box to enable RSA-PSS for the selected Response Hash Algorithm.
RSA-PSS is an RSA-based probabilistic signature scheme that enhances the security of RSA signatures.
Mandatory: No.