10 - Online Certificate Status Protocol


Online Certificate Status Protocol (OCSP) enables ONTAP applications that use TLS communications, such as LDAP or TLS, to receive digital certificate status when OCSP is enabled. The application receives a signed response signifying that the certificate requested is good, revoked, or unknown.

OCSP enables determination of the current status of a digital certificate without requiring certificate revocation lists (CRLs).

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


By default, OCSP certificate status checking is disabled. It can be turned on with the command "security config ocsp enable -app <app name>", where the app name can be autosupport, audit_log, fabricpool, ems, kmip, ldap_ad, ldap_nis_namemap, or all. The command requires advanced privilege level.
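The following is an added example, not part of the benchmark or of NetApp's tooling: a small checker that reads captured output of the ONTAP command "security config ocsp show" and reports which of the applications listed above still have OCSP disabled or are absent from the output. The two-column output layout and the sample text are assumptions constructed for illustration.

```python
import re

# Application names taken from the list given above for -app.
OCSP_APPS = ("autosupport", "audit_log", "fabricpool", "ems",
             "kmip", "ldap_ad", "ldap_nis_namemap")

# Constructed sample output; the column layout is an assumption.
SAMPLE_OUTPUT = """\
Application                         OCSP Enabled?
----------------------------------- ---------------------
autosupport                         false
audit_log                           false
fabricpool                          false
ems                                 false
kmip                                true
ldap_ad                             true
6 entries were displayed.
"""

# A data row is an application name followed by true/false.
ROW = re.compile(r"^\s*([a-z_]+)\s+(true|false)\s*$", re.IGNORECASE)

def parse_ocsp_status(text):
    """Return {app: bool} for every known application row in the output."""
    status = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(1).lower() in OCSP_APPS:
            status[m.group(1).lower()] = m.group(2).lower() == "true"
    return status

def audit_ocsp(text, required=OCSP_APPS):
    """Split required apps into enabled, disabled and missing-from-output."""
    status = parse_ocsp_status(text)
    enabled = [a for a in required if status.get(a) is True]
    disabled = [a for a in required if status.get(a) is False]
    # An app with no row is treated as a failure, not as a pass.
    missing = [a for a in required if a not in status]
    return {"compliant": not disabled and not missing,
            "enabled": enabled, "disabled": disabled, "missing": missing}

if __name__ == "__main__":
    result = audit_ocsp(SAMPLE_OUTPUT)
    for key in ("enabled", "disabled", "missing"):
        print(f"{key:9}: {', '.join(result[key]) or '-'}")
    print("PASS" if result["compliant"] else "FAIL")
```

Pass a narrower `required` tuple to `audit_ocsp` when only some applications are in scope for the environment being reviewed.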
