OCSP from within a private network
We have a few Windows 7 clients in a private network that can only access an online payment processing website. This website uses Java and needs to verify VeriSign certificates via ocsp.verisign.com.
Because of the nature of this network, we can't allow the OCSP request to go out to http://ocsp.verisign.com.
I have a Microsoft OCSP server (2008 R2) and I have read that it's possible to configure my server to handle this request, but I haven't had any luck so far.
I have created a revocation configuration for VeriSign using the VeriSign Class 3 Public Primary Certification Authority - G5, downloaded and placed the corresponding CRL for the root certificate on a web server, and specified that location in the revocation provider.
The clients are contacting my OCSP server, but they receive the responseStatus: Unauthorized (6)
Firstly, is this scenario even possible?
Can anyone provide guidance on what I need to look for?