Configure OCSP Validation in Tenable.sc

Required User Role: Root user

You can configure Online Certificate Status Protocol (OCSP) validation in Tenable.sc to prevent users from authenticating to Tenable.sc if your OCSP server reports their certificate as revoked.

Note: Tenable Support does not assist with OCSP configuration in Tenable.sc.

Before you begin:

  • Confirm that you have an OCSP server configured in your environment.

To configure OCSP validation in Tenable.sc:

  1. In a text editor, open the /opt/sc/support/conf/sslverify.conf file.
    1. Set the SSLVerifyClient setting to Require or Optional, as described in SSLVerifyClient.

    2. Set the SSLVerifyDepth setting, as described in SSLVerifyDepth.

    3. Save the file.

      Tenable.sc saves your configuration.

  2. In a text editor, open the /opt/sc/support/conf/vhostssl.conf file.
    1. Add the following content at the end of the file:

      SSLOCSPEnable on
      SSLOCSPDefaultResponder <URI>
      SSLOCSPOverrideResponder on

      Where <URI> is the URI for your OCSP server.

    2. Save the file.

      Tenable.sc saves your configuration.

  3. Restart Tenable.sc, as described in Start, Stop, or Restart Tenable.sc.

    Tenable.sc restarts.
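
A pre-restart check for the two files edited in the steps above, added here as an example and not part of Tenable's own tooling. It assumes one directive per line, that the last uncommented occurrence is the one in effect, and that the responder URI is http(s); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-restart check of the two files edited in the procedure.
# Assumption: one directive per line; the last uncommented occurrence wins.

# Print the value of a directive (name matched case-insensitively).
directive_value() {  # $1 = directive, $2 = file
    awk -v d="$1" 'BEGIN { d = tolower(d) }
        $1 ~ /^#/ { next }
        tolower($1) == d { v = $2 }
        END { gsub(/"/, "", v); if (v != "") print v }' "$2"
}

# Return 0 when both files hold the documented settings; else explain, return 1.
check_ocsp_config() {  # $1 = sslverify.conf, $2 = vhostssl.conf
    rc=0
    vc=$(directive_value SSLVerifyClient "$1" | tr 'A-Z' 'a-z')
    case "$vc" in
        require|optional) ;;
        *) echo "SSLVerifyClient is '${vc:-unset}', expected Require or Optional"; rc=1 ;;
    esac
    depth=$(directive_value SSLVerifyDepth "$1")
    case "$depth" in
        ''|*[!0-9]*) echo "SSLVerifyDepth is missing or not a number"; rc=1 ;;
    esac
    for d in SSLOCSPEnable SSLOCSPOverrideResponder; do
        v=$(directive_value "$d" "$2" | tr 'A-Z' 'a-z')
        [ "$v" = "on" ] || { echo "$d is '${v:-unset}', expected on"; rc=1; }
    done
    uri=$(directive_value SSLOCSPDefaultResponder "$2")
    case "$uri" in
        http://?*|https://?*) ;;  # also rejects a leftover <URI> placeholder
        *) echo "SSLOCSPDefaultResponder is '${uri:-unset}', expected an http(s) URI"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files (not from a real system); <URI> was left unreplaced.
demo=$(mktemp -d)
printf 'SSLVerifyClient Require\nSSLVerifyDepth 2\n' > "$demo/sslverify.conf"
printf 'SSLOCSPEnable on\nSSLOCSPDefaultResponder <URI>\nSSLOCSPOverrideResponder on\n' \
    > "$demo/vhostssl.conf"
check_ocsp_config "$demo/sslverify.conf" "$demo/vhostssl.conf" ||
    echo "Fix the settings above before restarting."
rm -rf "$demo"
```

On a real system, pass /opt/sc/support/conf/sslverify.conf and /opt/sc/support/conf/vhostssl.conf as the two arguments.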