Basic and standard OCSP policies

The basic and standard OCSP policies support the same fields.

The supported fields for a request are as follows. Where an entry is marked as "not supported", IBM MQ does not attempt to process a request containing a field of that specific type, but does process other requests containing the same higher-level field.

Signature (Optional)
Version (Version 1 Only)
RequesterName (Optional)
RequestList (single request only)
- CertID ¹
- singleRequestExtensions (not supported)
RequestExtensions
- Nonce (if enabled)

The supported fields for a response are as follows:

ResponseStatus
Response
- responseType (id-pkix-ocsp-basic)
- BasicOCSPResponse
  - Signature
  - Certs
    - Extensions
    - extendedKeyUsage
      - id-kp-OCSPSigning
    - id-pkix-ocsp-nocheck
  - ResponseData
    - Version (Version 1 Only)
    - ResponderID (by name or by hash)
    - ProducedAt (ignored)
    - Responses (multiple responses supported)
      - SingleResponse
        
        certID
        certStatus
        
        RevokedInfo (ignored)
        
        thisUpdate (ignored)
        nextUpdate
        singleExtensions (ignored)
    - responseExtensions
      - Nonce (if enabled)

Parent topic: Certificate validation and trust policy design on UNIX, Linux and Windows systems ¹ This field is called reqCert in RFC 2560