Certificate revocation

Last Updated : Mar 22, 2018

The AE Services client performs a revocation check on the certificates provided by the AE Services server using the Online Certificate Status Protocol (OCSP). The certificate revocation status determines whether the certificate is still valid with the issuing Certificate Authority (CA), and it is checked every time a new secure connection request is initiated. If the certificate is REVOKED, the AE Services client rejects the secure connection request.

Before using the OCSP revocation check for certificates, ensure that either the AE Services server certificate contains the OCSP responder URL in its Authority Information Access (AIA) extension or the OCSP responder URL is configured in the TSAPI client configuration. By default, the OCSP revocation check on the certificate provided by the AE Services server is disabled.

OCSP revocation check has the following three levels:

  • NONE: Does not perform OCSP revocation check.

  • BEST_EFFORT: Allows the secure connection if the certificate is not revoked, and also if the certificate revocation status cannot be fetched, for example because of network issues.

  • MANDATORY: Allows the secure connection only if the certificate is not revoked.

The default value is 1.

OCSP Revocation Check Method=1

An OCSP Responder URI can be specified here if no OCSP responder URI is present in the certificate provided by the AE Services server. It can also be set here if OCSP Responder URI Preference is set to 'Local'. The default value is empty.

OCSP Responder URI=http://127.0.0.1:1234

OCSP Responder URI Preference defines whether the OCSP responder URI in the presented certificate or the locally configured OCSP responder URI is used. 1 = Use the OCSP Responder URI presented in the certificate AIA field. 2 = Use the OCSP Responder URI presented in the configuration file. The default value is 1.

OCSP Responder URI Preference=1
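
The following Python model is an added example, not Avaya code: it shows how the settings above combine, first choosing the responder URI by preference and then applying the revocation level to the OCSP result. The function names, the `fetch_status` callable and the rejection of an unfetched status under MANDATORY are assumptions made for illustration; the numeric values of OCSP Revocation Check Method are not modeled.

```python
from enum import Enum

class Level(Enum):  # level names from the page; their numeric codes are not modeled
    NONE = "NONE"
    BEST_EFFORT = "BEST_EFFORT"
    MANDATORY = "MANDATORY"

# Constructed sample settings, using the key names shown on the page.
SAMPLE_CONFIG = """\
OCSP Responder URI=http://127.0.0.1:1234
OCSP Responder URI Preference=1
"""

def parse_settings(text):
    """Read 'Key=Value' lines into a dict, ignoring anything else."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def select_responder(settings, aia_uri):
    """Choose the responder: preference 1 = certificate AIA, 2 = configured URI."""
    configured = settings.get("OCSP Responder URI", "")
    if settings.get("OCSP Responder URI Preference", "1") == "2":
        return configured or None
    # Preference 1: the configured URI is only the fallback when AIA has none.
    return aia_uri or configured or None

def allow_connection(level, status):
    """status is 'good', 'revoked', or None when it could not be fetched."""
    if level is Level.NONE:
        return True                      # no revocation check at all
    if status == "revoked":
        return False                     # rejected at both checking levels
    if status == "good":
        return True
    return level is Level.BEST_EFFORT    # unfetched: soft-fail vs. assumed hard-fail

def evaluate(settings, level, aia_uri, fetch_status):
    """fetch_status(uri) is a hypothetical stand-in for the OCSP query."""
    if level is Level.NONE:
        return True, None
    uri = select_responder(settings, aia_uri)
    status = fetch_status(uri) if uri else None
    return allow_connection(level, status), uri
```

Under BEST_EFFORT a responder that cannot be reached yields the same result as a good status, which is the case the last branch of `allow_connection` makes explicit.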