Configure the following parameters of the OCSP responder service provided by the Certification Authority.

VA certificate

The certificate described in Generating a VA certificate and key pair. Click Select Files to import this certificate from file.

Each certificate file must contain a certificate in PEM format and Base64 encoding.

Mandatory: Yes.

CA certificate

Click Select Files to import the certificate of the CA that issues the certificates validated by Entrust Validation authority.

Each certificate file must contain a certificate in PEM format and Base64 encoding.

Mandatory: Yes.

Profile ID

The identifier of the profile for processing the certificate status before generating an OCSP response. See below for the response settings defined by each profile.

Profile identifier

nextUpdate

id-pkix-ocsp-archive-cutoff

Status if unknown

Revocation date

basic

revoked

 Jan 1 00:00:00 1970 GMT

archiveCutOff

notBefore date of the CA certificate

revoked

 Jan 1 00:00:00 1970 GMT

nextUpdate

thisUpdate + 8 hours

revoked

 Jan 1 00:00:00 1970 GMT

archiveCutOffWithNextUpdate

thisUpdate + 8 hours

notBefore date of the CA certificate

revoked

 Jan 1 00:00:00 1970 GMT

CRLProfile

good

CRLProfileWithArchiveCutOff

notBefore date of the CA certificate

good

SNListProfile

unknown

SNListProfileWithArchiveCutOff

notBefore date of the CA certificate

unknown

See the below for the Certificates Source and Use SN Lists values supported by each profile.

Profile identifier

Certificates Source

Use SN Lists

basic

CAGW

archiveCutOff

CAGW

nextUpdate

CAGW

archiveCutOffWithNextUpdate

CAGW

CRLProfile

CRL

False

CRLProfileWithArchiveCutOff

CRL

False

SNListProfile

CRL

True

SNListProfileWithArchiveCutOff

CRL

True

Mandatory: Yes.

Response Hash Algorithm

The hash algorithm for the OCSP response signature algorithm. Supported values are the following.

  • sha256
  • sha384
  • sha512

Mandatory: No. This optional value defaults to sha256.