In this example, two urlcheck
parameters are configured in succession.
- If the OCSP request contains a
serviceLocator
extension, that is, if the queried certificate contains an authorityInformationAccess
extension, specifying an OCSP URL, this URL will be used in first hand. - If no such URL exists, or if the response is not considered valid, Nexus OCSP Responder will check if the certificate is issued by the Acme TrustCenter CA using a hardcoded URL for revocation information.
In the OCSP configuration file, specify as follows:
CODE
ocsp.client.urlcheck.1=servicelocator
ocsp.client.urlcheck.2=table
ocsp.client.urlcheck.2.table.1.issuermatch=*o=Acme*
ocsp.client.urlcheck.2.table.1.url=http://ocsp.acme.com/ca01