2. Online Certificate Status Protocol (OCSP) stapling

Zorp Professional 7 supports Online Certificate Status Protocol (OCSP) stapling for servers in encryption policies. OCSP stapling is an alternative to the previously available Certificate Revocation Lists (CRL) for verifying the validity of certificates. The protocol is described in detail in IETF RFC 6960. It is now also possible to define how strictly encryption policies check the revocation status of certificates.

Online Certificate Status Protocol stapling provides the following benefits:

  • Keeping revocation information up-to-date becomes the responsibility of server operators instead of being required from clients, which is a more convenient arrangement.

  • OCSP stapling transfers less data than CRL processing, so the network load is smaller as well.

  • Clients can verify the revocation state of a certificate with minor overhead.

For more details, see Section 11.2.5, Verification of certificate revocation state, in the Zorp Professional 7 Administrator Guide.