Distinguished name matching

At several places in the Nexus OCSP Responder configuration, one or more certificates can be selected by issuer or subject Distinguished Name (DN). In essence, this is a "scaled-down" form of matching that behaves the same way as the subject or DN does in the certificate pattern.

Match against issuer DNs
  • To define the back-end client's URL lookup table: 

  • To specify the OCSP response cache contents:

Match against subject DNs

To specify authorization settings:


The matching is performed against the complete DN. Wildcards (* and ?) are allowed in the match pattern.


Nexus OCSP Responder uses the following conventions on string representation of a DN:

  • The relative distinguished names (RDNs) are separated by a comma (,).
  • No blanks are allowed before or after the RDN separator.
  • A trailing blank in the name itself is shown as "\20".
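
The following is an added example, not Nexus code: a sketch of complete-DN wildcard matching and a check for patterns that break the string conventions above. The function names and sample DNs are constructed for illustration, and the example assumes case-sensitive comparison and wildcards that can also match the RDN separator.

```python
import re

# Constructed sample DNs, written in the string form described above.
ISSUER = "CN=Test CA,O=Example AB,C=SE"
ISSUER_TRAILING_BLANK = "CN=Test CA\\20,O=Example AB,C=SE"


def dn_matches(pattern, dn):
    """Match a wildcard pattern against the complete DN string.

    Assumptions of this example (not stated on the page): comparison is
    case-sensitive, and '*' / '?' can also match the RDN separator ','.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")           # any run of characters, may be empty
        elif ch == "?":
            parts.append(".")            # exactly one character
        else:
            parts.append(re.escape(ch))  # everything else is literal
    return re.fullmatch("".join(parts), dn, flags=re.DOTALL) is not None


def lint_pattern(pattern):
    """Return convention violations that would keep a pattern from matching."""
    problems = []
    if re.search(r"(?<!\\), ", pattern):
        problems.append("blank after RDN separator")
    if re.search(r"(?<!\\) ,", pattern) or pattern.endswith(" "):
        problems.append("blank before RDN separator or at end; use \\20")
    return problems


if __name__ == "__main__":
    for pat in ["CN=Test CA,O=Example AB,C=SE", "CN=Test CA", "CN=Test CA,*",
                "CN=Test CA, O=Example AB, C=SE", "CN=*,O=Example AB,C=SE"]:
        print(f"{pat!r:40} match={dn_matches(pat, ISSUER)} lint={lint_pattern(pat)}")
```

Under these assumptions, a pattern such as `CN=*,O=Example AB,C=SE` also matches a subject that carries an extra RDN between CN and O, so wildcard patterns used in authorization settings are worth checking against the DNs they are meant to exclude.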
