Configure OCSP Validation in Tenable Security Center

Required User Role: Root user

You can configure Online Certificate Status Protocol (OCSP) validation in Tenable Security Center to prevent users from authenticating to Tenable Security Center if your OCSP server reports their certificate as revoked.

Note: Tenable Support does not assist with OCSP configuration in Tenable Security Center.

Before you begin:

  • Confirm that you have an OCSP server configured in your environment.

To configure OCSP validation in Tenable Security Center:

  1. In a text editor, open the /opt/sc/support/conf/sslverify.conf file.
    1. Set the SSLVerifyClient setting to Require or Optional, as described in SSLVerifyClient.

    2. Set the SSLVerifyDepth setting, as described in SSLVerifyDepth.

    3. Save the file.

      Tenable Security Center saves your configuration.

  2. In a text editor, open the /opt/sc/support/conf/vhostssl.conf file.
    1. Add the following content at the end of the file:

      SSLOCSPEnable on
      SSLOCSPDefaultResponder <URI>
      SSLOCSPOverrideResponder on

      Where <URI> is the URI for your OCSP server.

    2. Save the file.

      Tenable Security Center saves your configuration.

  3. Restart Tenable Security Center, as described in Start, Stop, or Restart Tenable Security Center.

    Tenable Security Center restarts.
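
The following script is an added example, not part of the Tenable documentation: it reads the two files edited above and confirms that every setting from steps 1 and 2 is present before you restart in step 3. The function names (get_directive, lower, check_ocsp_config, demo) and the sample values are constructed for illustration, and the script assumes each setting is a single "Name value" line where the last uncommented occurrence is the one in effect.

```shell
#!/bin/sh
# Added example: check the two files from this procedure before restarting.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
get_directive() {
    awk -v name="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(name) { val = $2; gsub(/"/, "", val) }
        END { print val }
    ' "$1"
}

# Lowercase a value so on/On/ON and Require/require compare equal.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Return 0 only if every setting the procedure asks for is present.
# $1 = sslverify.conf path, $2 = vhostssl.conf path
check_ocsp_config() {
    rc=0
    case "$(lower "$(get_directive "$1" SSLVerifyClient)")" in
        require|optional) ;;
        *) echo "FAIL: SSLVerifyClient must be Require or Optional" >&2; rc=1 ;;
    esac
    case "$(get_directive "$1" SSLVerifyDepth)" in
        ''|*[!0-9]*) echo "FAIL: SSLVerifyDepth must be a number" >&2; rc=1 ;;
    esac
    for name in SSLOCSPEnable SSLOCSPOverrideResponder; do
        [ "$(lower "$(get_directive "$2" "$name")")" = on ] ||
            { echo "FAIL: $name is not on" >&2; rc=1; }
    done
    # A leftover "<URI>" placeholder or a missing value fails this match.
    case "$(get_directive "$2" SSLOCSPDefaultResponder)" in
        http://?*|https://?*) ;;
        *) echo "FAIL: SSLOCSPDefaultResponder needs a responder URI" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files (not real Tenable configuration) for a dry run.
demo() {
    t=$(mktemp -d) || return 2
    printf 'SSLVerifyClient Require\nSSLVerifyDepth 2\n' > "$t/sslverify.conf"
    printf 'SSLOCSPEnable on\nSSLOCSPDefaultResponder http://ocsp.example.test/\nSSLOCSPOverrideResponder on\n' > "$t/vhostssl.conf"
    check_ocsp_config "$t/sslverify.conf" "$t/vhostssl.conf"; r=$?
    rm -rf "$t"; return "$r"
}

# With two path arguments, check those files; with none, run the dry run.
if [ "$#" -eq 2 ]; then check_ocsp_config "$1" "$2"; else demo; fi && echo "OCSP settings OK"
```

Saved under a name of your choice, run it with /opt/sc/support/conf/sslverify.conf and /opt/sc/support/conf/vhostssl.conf as its two arguments. It only reads the files and does not contact the OCSP server.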