Cisco Support Community
Community Member

A QUICK QUESTION ABOUT ANYCONNECT THIRD PARTY CA WITH OCSP RESPONDER.

Hi guys,

I have successfully implemented AnyConnect with a third-party CA server (EJBCA) and CRL for revocation checking.

Now I want to implement OCSP instead of CRL.

I followed this document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00809a3fa5.shtml

In this document it is mentioned that:

Configure OCSP

Configure OCSP Responder Certificate

The OCSP configuration can vary dependent upon the OCSP responder vendor. Read the manual of the vendor for more information.

  1. Obtain a self-generated certificate from the OCSP responder?

  2. Follow the procedures mentioned previously and install a certificate for the OCSP server.

    Note: Make sure that revocation-check is set to none. OCSP checks do not need to happen on the actual OCSP server.

1- My question is how to generate a self-signed certificate from the OCSP responder?

2- If we are not able to get a self-signed certificate from the OCSP responder, is there any other workaround?

3- Last, why do we use the certificate mapping rule for the OCSP certificate mentioned in the DoD's document?

Feel free to share your views.
