Configure OCSP Validation in Tenable Security Center
Required User Role: Root user
You can configure Online Certificate Status Protocol (OCSP) validation in Tenable Security Center to prevent users from authenticating to Tenable Security Center if their certificate matches a revocation on your OCSP server.
Note: Tenable Support does not assist with OCSP configuration in Tenable Security Center.
Before you begin:
- Confirm that you have an OCSP server configured in your environment.
To configure OCSP validation in Tenable Security Center:
- In a text editor, open the /opt/sc/support/conf/sslverify.conf file.
  - Set the SSLVerifyClient setting to Require or Optional, as described in SSLVerifyClient.
  - Set the SSLVerifyDepth setting, as described in SSLVerifyDepth.
  - Save the file.
    Tenable Security Center saves your configuration.
- In a text editor, open the /opt/sc/support/conf/vhostssl.conf file.
  - Add the following content at the end of the file:
      SSLOCSPEnable on
      SSLOCSPDefaultResponder <URI>
      SSLOCSPOverrideResponder on
    Where <URI> is the URI for your OCSP server.
  - Save the file.
    Tenable Security Center saves your configuration.
- Restart Tenable Security Center, as described in Start, Stop, or Restart Tenable Security Center.
  Tenable Security Center restarts.
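
A pre-restart check for the two files edited in the procedure above, as an added example that is not Tenable's own tooling. The function names are hypothetical, and it assumes each file can be read as a flat list of "Name value" lines in which the last uncommented occurrence of a setting wins.

```shell
#!/bin/sh
# Added example (not Tenable code): check both edited files before restarting.

# directive_value FILE NAME: value of the last uncommented NAME line, if any.
# Assumption: the file is a flat list of "Name value" lines, last one wins.
directive_value() {
    awk -v name="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(name) { val = $2 }
        END { if (val != "") print val }
    ' "$1" 2>/dev/null || true
}

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_ocsp_conf SSLVERIFY_FILE VHOSTSSL_FILE
# Prints one line per problem and returns 0 only when there are none.
check_ocsp_conf() {
    problems=0
    v=$(directive_value "$1" SSLVerifyClient | tr '[:upper:]' '[:lower:]')
    case "$v" in
        require|optional) ;;
        *) fail "SSLVerifyClient is '${v:-unset}', expected Require or Optional" ;;
    esac
    v=$(directive_value "$1" SSLVerifyDepth)
    case "$v" in
        ''|*[!0-9]*) fail "SSLVerifyDepth is '${v:-unset}', expected a number" ;;
    esac
    for d in SSLOCSPEnable SSLOCSPOverrideResponder; do
        v=$(directive_value "$2" "$d" | tr '[:upper:]' '[:lower:]')
        [ "$v" = "on" ] || fail "$d is '${v:-unset}', expected on"
    done
    v=$(directive_value "$2" SSLOCSPDefaultResponder)
    case "$v" in
        http://?*|https://?*) ;;   # rejects a leftover <URI> placeholder
        *) fail "SSLOCSPDefaultResponder is '${v:-unset}', expected the OCSP server URI" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Paths from the procedure; checked only when the files are readable.
if [ -r /opt/sc/support/conf/sslverify.conf ]; then
    check_ocsp_conf /opt/sc/support/conf/sslverify.conf \
                    /opt/sc/support/conf/vhostssl.conf && echo "OCSP settings OK"
fi
```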