CA/Required or Recommended Practices: Difference between revisions

Jump to navigation Jump to search

CA/Required or Recommended Practices (view source)

Revision as of 16:36, 16 September 2014

173 bytes removed ,  16 September 2014
→‎OCSP
Line 113: Line 113:


You MUST test your OCSP service in Firefox! We expect OCSP responders to function without error in Mozilla products. To test in Firefox:
You MUST test your OCSP service in Firefox! We expect OCSP responders to function without error in Mozilla products. To test in Firefox:
* Go to Firefox -> Preferences... -> Advanced -> Certificates -> Validation
* Go to Firefox -> Preferences... -> Advanced -> Certificates
* Check the box for "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates", and the item "Validate a certificate if it specifies and OCSP Server"
* Check the box for "Query OCSP responder servers to confirm the current validity of certificates"
* Check the box for "When an OCSP server connection fails, treat the certificate as invalid"
* Close the popup
* You may need to clear your cache
* You may need to clear your history cache
* Browse to a website whose SSL certificate chains up to your root and has the corresponding OCSP URI in the AIA extension.
* Browse to a website whose SSL certificate chains up to your root and has the corresponding OCSP URI in the AIA extension.


Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1015435"

Navigation menu