addsslocspresponder
Use this method to add an OCSP responder. An OCSP responder identifies the OCSP server that validates a certificate. Citrix ADCs support OCSP as defined in RFC 2560.
Syntax
Parameters
name |
Name for the OCSP responder. Cannot begin with a hash (#) or space character and must contain only ASCII alphanumeric, underscore (_), hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the responder is created.
The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my responder" or 'my responder'). This is a mandatory parameter.
url
URL of the OCSP responder. This is a mandatory parameter.
cache
Enable caching of responses. Caching of responses received from the OCSP responder enables faster responses to the clients and reduces the load on the OCSP responder. Default value = DISABLED.
cachetimeout
Timeout for caching the OCSP response. After the timeout, the Citrix ADC sends a fresh request to the OCSP responder for the certificate status. If a timeout is not specified, the timeout provided in the OCSP response applies. Default value = 1. Minimum value = 1. Maximum value = 43200.
batchingdepth
Number of client certificates to batch together into one OCSP request. Batching avoids overloading the OCSP responder. A value of 1 signifies that each request is queried independently. For a value greater than 1, specify a timeout (batching delay) to avoid inordinately delaying the processing of a single certificate. Minimum value = 1. Maximum value = 8.
batchingdelay
Maximum time, in milliseconds, to wait to accumulate OCSP requests to batch. Does not apply if the Batching Depth is 1. Minimum value = 1. Maximum value = 10000.
resptimeout
Time, in milliseconds, to wait for an OCSP response. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Includes the Batching Delay time. Minimum value = 100. Maximum value = 120000.
ocspurlresolvetimeout
Time, in milliseconds, to wait for OCSP URL resolution. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Minimum value = 100. Maximum value = 2000.
respondercert
trustresponder
A certificate to use to validate OCSP responses. Alternatively, if -trustResponder is specified, no verification is done on the response. If both are omitted, only the response times (producedAt, lastUpdate, nextUpdate) are verified.
producedattimeskew
Time, in seconds, for which the Citrix ADC waits before considering the response as invalid. The response is considered invalid if the Produced At time stamp in the OCSP response exceeds or precedes the current Citrix ADC clock time by the amount of time specified. Default value = 300. Maximum value = 86400.
signingcert
Certificate-key pair that is used to sign OCSP requests. If this parameter is not set, the requests are not signed.
usenonce
Enable the OCSP nonce extension, which is designed to prevent replay attacks.
insertclientcert
Include the complete client certificate in the OCSP request.
httpmethod
HTTP method used to send the OCSP request. POST is the default httpmethod. If the request length is greater than 255, POST is used even if GET is set as the httpMethod. Default value = NS_HTTP_METHOD_POST.
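As an added example (not from the Citrix documentation or the NITRO SDK), a small Python helper that checks the parameter constraints listed above before building the request body, and applies the GET-to-POST fallback rule for long requests. The endpoint path /nitro/v1/config/sslocspresponder and the ENABLED/DISABLED string values for the toggles are assumptions; the numeric ranges and the name rules are the ones stated on this page.

```python
import re

# Constraints transcribed from the parameter table above; None = no bound stated on the page.
NAME_RE = re.compile(r"^(?![# ])[A-Za-z0-9_#. :@=-]+$")  # no leading '#' or space, ASCII charset only
RANGES = {
    "cachetimeout": (1, 43200),
    "batchingdepth": (1, 8),
    "batchingdelay": (1, 10000),
    "resptimeout": (100, 120000),
    "ocspurlresolvetimeout": (100, 2000),
    "producedattimeskew": (None, 86400),
}


def effective_http_method(httpmethod, request_len):
    """POST is forced for OCSP requests longer than 255 bytes even if GET is configured."""
    if httpmethod == "GET" and request_len > 255:
        return "POST"
    return httpmethod


def build_ocsp_responder(name, url, **opts):
    """Validate against the documented constraints and return the request body
    for POST /nitro/v1/config/sslocspresponder (assumed endpoint path)."""
    if not NAME_RE.match(name):
        raise ValueError("name: must not start with '#' or space and must use the allowed charset")
    if not url:
        raise ValueError("url is a mandatory parameter")
    for key, val in opts.items():
        lo, hi = RANGES.get(key, (None, None))  # non-numeric options such as cache/usenonce are skipped
        if (lo is not None and val < lo) or (hi is not None and val > hi):
            raise ValueError(f"{key}={val} is outside the documented range {lo}..{hi}")
    # batchingdepth > 1 without a batching delay could stall a single certificate indefinitely
    if opts.get("batchingdepth", 1) > 1 and "batchingdelay" not in opts:
        raise ValueError("batchingdepth > 1 requires batchingdelay")
    # resptimeout includes the batching delay, so the delay alone must not consume it
    if "batchingdelay" in opts and "resptimeout" in opts and opts["batchingdelay"] >= opts["resptimeout"]:
        raise ValueError("resptimeout must be larger than batchingdelay")
    # respondercert and trustresponder are alternatives: verify the signer, or trust it unverified
    if opts.get("trustresponder") and "respondercert" in opts:
        raise ValueError("set either respondercert or trustresponder, not both")
    return {"sslocspresponder": {"name": name, "url": url, **opts}}
```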
Return Value
Returns simpleResult