Online Certificate Status Protocol

With OCSP, when a site wants to verify the revocation status of a certificate, it sends a request to the CA about the status of the certificate. The CA then responds, confirming the validity (or revocation) of the certificate.

Because not all CAs provide OCSP responses, CRLs can provide status information for more certificates.

Content Gateway enables you to cache OCSP responses about the revocation state of a certificate. Caching responses may be useful in environments with high volumes of SSL traffic and where saving bandwidth is important.

Use the Configure > SSL > Validation > Revocation Settings tab to configure how Content Gateway keeps revocation information current.

Steps

  1. Specify, in days, how long OCSP data should be cached. If you do not want to cache OCSP data, enter 0. The maximum is 1000 days.
  2. Click Apply.
For more information about OCSP, see RFC 2560.
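
The trade-off behind the cache duration setting, as an added example that is not Content Gateway code: a small model of an OCSP response cache with a lifetime in days, showing how long a revoked certificate keeps being reported as good from cache and how many responder requests are saved. The class, function names, serial number and timeline are constructed, and capping a cached entry at the response's nextUpdate time is an assumption of this sketch, not documented product behavior.

```python
from datetime import datetime, timedelta, timezone

MAX_CACHE_DAYS = 1000  # upper bound stated in the steps above


class OcspCache:
    """Hypothetical model of an OCSP response cache with a lifetime in days."""

    def __init__(self, cache_days, responder):
        if not 0 <= cache_days <= MAX_CACHE_DAYS:
            raise ValueError("cache_days must be between 0 and 1000")
        self.ttl = timedelta(days=cache_days)
        self.responder = responder   # callable(serial, now) -> (status, next_update)
        self.entries = {}            # serial -> (status, expires_at)
        self.lookups = 0             # requests actually sent to the responder

    def status(self, serial, now):
        hit = self.entries.get(serial)
        if hit and now < hit[1]:
            return hit[0]            # answered from cache, no request sent
        self.lookups += 1
        status, next_update = self.responder(serial, now)
        if self.ttl:                 # 0 days means responses are not cached
            # Assumption: never keep an answer past the responder's nextUpdate.
            self.entries[serial] = (status, min(now + self.ttl, next_update))
        return status


def stale_days(cache_days, revoked_after_days, validity_days):
    """Return (days a revoked cert was still reported good, responder lookups)."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timeline
    revoked_at = t0 + timedelta(days=revoked_after_days)

    def responder(serial, now):      # constructed stand-in for the CA's responder
        state = "revoked" if now >= revoked_at else "good"
        return state, now + timedelta(days=validity_days)

    cache = OcspCache(cache_days, responder)
    stale = 0
    for day in range(60):            # one status check per day for 60 days
        now = t0 + timedelta(days=day)
        if cache.status("0x1234", now) == "good" and now >= revoked_at:
            stale += 1
    return stale, cache.lookups
```

With a 30-day cache and a certificate revoked on day 3, the model reports the certificate as good for 27 further days when responses carry a long validity period, and for 4 days when the responder's nextUpdate is a week out.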