server/WEB-INF/conf/sources.bml

This configuration file specifies the locations from which the Validation Responder loads OCSP response lists. Each location is specified using a URL from which the list or lists can be downloaded. URLs can be specified using the 'http', 'ftp' or 'file' protocols, which allows lists to be retrieved from either the network or a mounted file system.

This file can be used to override the default settings from:

server/WEB-INF/conf/sources-defaults.bml

It can be used to specify the properties in the following subsections.

Property: proofListSuffixes

Default: .prf, .prfd
Description:

This property specifies the file extensions that the Validation Responder recognizes as OCSP response list files when it processes a directory OCSP response list source. To have the Validation Responder treat additional file extensions as OCSP response lists, add them to this list.

Example:

<property name="proofListSuffixes">
    <bean class="java.util.Vector">
        <add><string>.prf</string></add>
        <add><string>.prfd</string></add>
    </bean>
</property>

Property: loadBeforeStart

Default: false
Description:

This property specifies whether the Validation Responder must finish loading all OCSP response list sources before it begins answering validation requests. If the property is set to true, the Validation Responder waits until every OCSP response list source has been loaded before responding to requests. If it is set to false, the Validation Responder comes online quickly, but it may be unable to respond to some requests until all data has been loaded.

Example:

<property name="loadBeforeStart" value="false"/>

Property: relayURL

Default: disabled (the parameter is commented out)
Description:

The relayURL parameter specifies a URL to which the Validation Responder forwards an OCSP request under any of the following conditions:

  • The request contains a nonce.

  • The Validation Responder holds no status information for the certificate, although the certificate was issued by a known certificate issuer.

  • The request queries the status of more than one certificate.

The Validation Responder forwards these requests to Validation Authority, which uses its Direct OCSP Interface functionality to produce a traditional OCSP response. Unlike pre-generated OCSP response lists, Validation Authority generates these OCSP responses only when they are requested.

By default, this feature is disabled. To enable relaying of OCSP requests that contain a nonce, or that concern a certificate of unknown status from a known issuer, remove the comment characters at the beginning and end of the parameter (<!-- and -->, respectively) and replace the example URL http://some.ocsp.server with the URL of the Validation Authority to which the requests should be forwarded.

Example

<!--<init-param>
    <param-name>relayURL</param-name>
    <param-value>http://authority-name/responder</param-value>
</init-param>-->
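The following added example, which is not part of the product or of this documentation, parses the three property styles shown above (proofListSuffixes, loadBeforeStart and the commented-out relayURL init-param) from a constructed sources.bml fragment and reports which start-up and relay behaviours result. The enclosing <config> root element and the sample content are assumptions; only the property fragments follow the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment in the property styles documented above.
# The <config> wrapper is assumed; relayURL is left commented out, as in
# the shipped default.
SAMPLE_CONFIG = """<config>
  <property name="proofListSuffixes">
    <bean class="java.util.Vector">
      <add><string>.prf</string></add>
      <add><string>.prfd</string></add>
    </bean>
  </property>
  <property name="loadBeforeStart" value="false"/>
  <!--<init-param>
    <param-name>relayURL</param-name>
    <param-value>http://authority-name/responder</param-value>
  </init-param>-->
</config>
"""


def parse_sources(xml_text):
    """Return a dict of effective settings from a sources.bml-style document."""
    root = ET.fromstring(xml_text)
    settings = {}
    for prop in root.iter("property"):
        name = prop.get("name")
        if prop.get("value") is not None:      # <property name=".." value=".."/>
            settings[name] = prop.get("value")
        else:                                   # java.util.Vector bean of <add><string>
            settings[name] = [s.text for s in prop.iter("string")]
    # ElementTree discards XML comments, so a commented-out init-param is
    # simply absent: that is what "disabled by default" means for relayURL.
    relay = None
    for param in root.iter("init-param"):
        if param.findtext("param-name") == "relayURL":
            relay = param.findtext("param-value")
    settings["relayURL"] = relay
    return settings


def is_proof_list(filename, suffixes):
    """True if a directory entry would be treated as an OCSP response list."""
    return any(filename.endswith(s) for s in suffixes)


def findings(settings):
    """Operational consequences of the parsed settings, as stated in the docs."""
    notes = []
    if settings.get("loadBeforeStart", "false").lower() != "true":
        notes.append("loadBeforeStart=false: requests are answered before all lists "
                     "are loaded, so some certificates may get no status at start-up")
    if settings.get("relayURL") is None:
        notes.append("relayURL disabled: nonce, multi-certificate and unknown-status "
                     "requests are not relayed to Validation Authority")
    return notes
```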