Basic and standard OCSP policies
The basic and standard OCSP policies support the same fields.
The supported fields for a request are as follows. Where an entry is marked as "not supported", IBM MQ does not attempt to process a request containing a field of that specific type, but does process other requests containing the same higher-level field.- Signature (Optional)
- Version (Version 1 Only)
- RequesterName (Optional)
- RequestList (single request only)
- CertID 1
- singleRequestExtensions (not supported)
- RequestExtensions
- Nonce (if enabled)
The supported fields for a response are as follows:
- ResponseStatus
- Response
- responseType (id-pkix-ocsp-basic)
- BasicOCSPResponse
- Signature
- Certs
- Extensions
- extendedKeyUsage
- id-kp-OCSPSigning
- id-pkix-ocsp-nocheck
- ResponseData
- Version (Version 1 Only)
- ResponderID (by name or by hash)
- ProducedAt (ignored)
- Responses (multiple responses supported)
- SingleResponse
- certID
- certStatus
- RevokedInfo (ignored)
- thisUpdate (ignored)
- nextUpdate
- singleExtensions (ignored)
- SingleResponse
- responseExtensions
- Nonce (if enabled)
Parent topic: Certificate validation and trust policy design on UNIX, Linux and Windows systems 1 This field is called reqCert in RFC 2560