Configure OCSP Validation in Tenable Security Center Director
Required Tenable Security Center User Role: Root user
You can configure Online Certificate Status Protocol (OCSP) validation in Tenable Security Center Director to prevent users from authenticating to Tenable Security Center Director if their certificate matches a revocation on your OCSP server.
Note: Tenable Support does not assist with OCSP configuration in Tenable Security Center Director.
Before you begin:
- Confirm that you have an OCSP server configured in your environment.
To configure OCSP validation in Tenable Security Center Director:
- In a text editor, open the /opt/sc/support/conf/sslverify.conf file.
  - Set the SSLVerifyClient setting to Require or Optional, as described in SSLVerifyClient.
  - Set the SSLVerifyDepth setting, as described in SSLVerifyDepth.
  - Save the file.
    Tenable Security Center Director saves your configuration.
- In a text editor, open the /opt/sc/support/conf/vhostssl.conf file.
  - Add the following content at the end of the file:
      SSLOCSPEnable on
      SSLOCSPDefaultResponder <URI>
      SSLOCSPOverrideResponder on
    Where <URI> is the URI for your OCSP server.
  - Save the file.
    Tenable Security Center Director saves your configuration.
- Restart Tenable Security Center Director, as described in Start, Stop, or Restart Tenable Security Center Director.
  Tenable Security Center Director restarts.
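
Before restarting, you can confirm that both files hold the settings from the procedure above. The following script is an added example, not part of the Tenable documentation: the function names `last_value` and `check_ocsp`, the sample depth of 2, and the temporary files are constructed for illustration. It assumes the last uncommented occurrence of a directive in a file is the one in effect and does not follow includes.

```shell
#!/bin/sh
# Added example: lint the two files edited in the procedure above.

# last_value FILE DIRECTIVE: value of the last uncommented occurrence
# (directive names are matched case-insensitively).
last_value() {
    awk -v d="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || NF < 2 { next }
        tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# check_ocsp SSLVERIFY_CONF VHOSTSSL_CONF: print one FAIL line per problem;
# return 0 only if every setting from the procedure is present.
check_ocsp() {
    rc=0
    fail() { echo "FAIL: $1"; rc=1; }
    case "$(last_value "$1" SSLVerifyClient | tr 'A-Z' 'a-z')" in
        require|optional) ;;
        *) fail "SSLVerifyClient must be Require or Optional" ;;
    esac
    case "$(last_value "$1" SSLVerifyDepth)" in
        ''|*[!0-9]*) fail "SSLVerifyDepth is missing or not a number" ;;
    esac
    for d in SSLOCSPEnable SSLOCSPOverrideResponder; do
        [ "$(last_value "$2" "$d" | tr 'A-Z' 'a-z')" = on ] || fail "$d is not on"
    done
    case "$(last_value "$2" SSLOCSPDefaultResponder)" in
        http://*|https://*) ;;
        *) fail "SSLOCSPDefaultResponder is missing or still the <URI> placeholder" ;;
    esac
    return $rc
}

# Constructed sample: the responder URI was left as the literal placeholder.
demo=$(mktemp -d)
printf 'SSLVerifyClient Require\nSSLVerifyDepth 2\n' > "$demo/sslverify.conf"
printf 'SSLOCSPEnable on\nSSLOCSPDefaultResponder <URI>\nSSLOCSPOverrideResponder on\n' \
    > "$demo/vhostssl.conf"
check_ocsp "$demo/sslverify.conf" "$demo/vhostssl.conf" || echo "OCSP validation not fully configured"
rm -rf "$demo"
```

On a real host, call `check_ocsp /opt/sc/support/conf/sslverify.conf /opt/sc/support/conf/vhostssl.conf` in place of the constructed sample.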