Configure the following parameters of the OCSP responder service provided by the Certification Authority.
VA certificate
The certificate described in Generating a VA certificate and key pair. Click Select Files to import this certificate from file.
Each certificate file must contain a certificate in PEM format and Base64 encoding.
Mandatory: Yes.
CA certificate
Click Select Files to import the certificate of the CA that issues the certificates validated by Entrust Validation authority.
Each certificate file must contain a certificate in PEM format and Base64 encoding.
Mandatory: Yes.
Profile ID
The identifier of the profile for processing the certificate status before generating an OCSP response. See below for the response settings defined by each profile.
Profile identifier | nextUpdate | id-pkix-ocsp-archive-cutoff | Status if unknown | Revocation date |
|---|---|---|---|---|
basic | — | — | revoked | Jan 1 00:00:00 1970 GMT |
archiveCutOff | — | notBefore date of the CA certificate | revoked | Jan 1 00:00:00 1970 GMT |
nextUpdate | thisUpdate + 8 hours | — | revoked | Jan 1 00:00:00 1970 GMT |
archiveCutOffWithNextUpdate | thisUpdate + 8 hours | notBefore date of the CA certificate | revoked | Jan 1 00:00:00 1970 GMT |
CRLProfile | — | — | good | — |
CRLProfileWithArchiveCutOff | — | notBefore date of the CA certificate | good | — |
SNListProfile | — | — | unknown | — |
SNListProfileWithArchiveCutOff | — | notBefore date of the CA certificate | unknown | — |
See the below for the Certificates Source and Use SN Lists values supported by each profile.
Profile identifier | Certificates Source | Use SN Lists |
|---|---|---|
basic | CAGW | — |
archiveCutOff | CAGW | — |
nextUpdate | CAGW | — |
archiveCutOffWithNextUpdate | CAGW | — |
CRLProfile | CRL | False |
CRLProfileWithArchiveCutOff | CRL | False |
SNListProfile | CRL | True |
SNListProfileWithArchiveCutOff | CRL | True |
Mandatory: Yes.