Configure OCSP Validation in Tenable Security Center Director
Required User Role: Root user
You can configure Online Certificate Status Protocol (OCSP) validation in Tenable Security Center Director to prevent users from authenticating to Tenable Security Center Director if their certificate matches a revocation on your OCSP server.
Note: Tenable Support does not assist with OCSP configuration in Tenable Security Center Director.
Before you begin:
- Confirm that you have an OCSP server configured in your environment.
To configure OCSP validation in Tenable Security Center Director:
- In a text editor, open the /opt/sc/support/conf/sslverify.conf file.
  - Set the SSLVerifyClient setting to Require or Optional, as described in SSLVerifyClient.
  - Set the SSLVerifyDepth setting, as described in SSLVerifyDepth.
  - Save the file.
    Tenable Security Center Director saves your configuration.
- In a text editor, open the /opt/sc/support/conf/vhostssl.conf file.
  - Add the following content at the end of the file:
      SSLOCSPEnable on
      SSLOCSPDefaultResponder <URI>
      SSLOCSPOverrideResponder on
    Where <URI> is the URI for your OCSP server.
  - Save the file.
    Tenable Security Center Director saves your configuration.
- Restart Tenable Security Center Director, as described in Start, Stop, or Restart Tenable Security Center Director.
  Tenable Security Center Director restarts.
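
One way to check both edited files before the restart step, as an added example (not Tenable tooling): it confirms that the directives from the procedure are present and uncommented, and flags a `<URI>` placeholder left in place. The function names and sample file contents are constructed, and the script assumes the last occurrence of a directive in a file is the effective one.

```shell
#!/usr/bin/env bash
# Added example: lint the two files edited in the procedure above.
# Function names are hypothetical; the demo at the bottom uses constructed files.

# Print the last uncommented value of directive $1 in file $2 (empty if absent).
# Assumption: the last occurrence in the file is the one that takes effect.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

# Return 0 when both files carry the settings from the procedure; otherwise
# print one line per problem and return 1.
check_ocsp_conf() {
    local sslverify="$1" vhostssl="$2" rc=0 v d

    v=$(directive_value SSLVerifyClient "$sslverify" | tr '[:upper:]' '[:lower:]')
    case "$v" in
        require|optional) ;;
        *) echo "SSLVerifyClient is '${v:-unset}', expected Require or Optional"; rc=1 ;;
    esac

    v=$(directive_value SSLVerifyDepth "$sslverify")
    case "$v" in
        ''|*[!0-9]*) echo "SSLVerifyDepth is '${v:-unset}', expected a number"; rc=1 ;;
    esac

    for d in SSLOCSPEnable SSLOCSPOverrideResponder; do
        v=$(directive_value "$d" "$vhostssl" | tr '[:upper:]' '[:lower:]')
        [ "$v" = "on" ] || { echo "$d is '${v:-unset}', expected on"; rc=1; }
    done

    # Catches both a missing responder and the literal <URI> placeholder.
    v=$(directive_value SSLOCSPDefaultResponder "$vhostssl")
    case "$v" in
        *://*) ;;
        *) echo "SSLOCSPDefaultResponder is '${v:-unset}', expected your OCSP server URI"; rc=1 ;;
    esac
    return "$rc"
}

# Demo on constructed files (sample values, not taken from a real install).
tmp=$(mktemp -d)
printf 'SSLVerifyClient Require\nSSLVerifyDepth 2\n' > "$tmp/sslverify.conf"
printf 'SSLOCSPEnable on\nSSLOCSPDefaultResponder <URI>\nSSLOCSPOverrideResponder on\n' > "$tmp/vhostssl.conf"
check_ocsp_conf "$tmp/sslverify.conf" "$tmp/vhostssl.conf" || echo "Fix the items above before restarting."
rm -rf "$tmp"
```

On a real system, pass /opt/sc/support/conf/sslverify.conf and /opt/sc/support/conf/vhostssl.conf as the two arguments.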