KB Article #176023

Distributing a self-signed OCSP cert after renewing it in the UI

Problem

-- When you click 'renew' to renew a self-signed OCSP cert, does it have to be distributed to clients?

Resolution

* When you renew via the UI, it uses the same key, so if the validating application checks the signature but not the expiration, it will still validate. With direct trust, the expiration is not usually taken into account and the certificate is used for the key only, while in delegated mode the expiration is important and is checked. It is better in all cases to distribute the renewed certificate.
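The following is an added example, not part of the original article or the product: it uses the openssl command line to confirm that a renewed certificate carries the same public key as the old one and to flag an old certificate that is close to expiry. The file names, the subject name and the 30-day window are assumptions, and the two certificates are constructed sample data standing in for the exported old and renewed OCSP certificates.

```shell
#!/bin/sh
# Added example (not vendor code): compare an OCSP responder cert before and after renewal.

# SHA-256 of the public key (SubjectPublicKeyInfo, DER) inside a PEM certificate.
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the whole certificate (changes on every renewal).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds when the certificate expires within $2 seconds.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Constructed sample data: one key, an "old" cert (1 day) and a "renewed" cert (365 days).
make_pair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/ocsp.key" 2>/dev/null
    for spec in old:1 renewed:365; do
        openssl req -new -x509 -key "$1/ocsp.key" -subj "/CN=ocsp.example.test" \
            -days "${spec#*:}" -out "$1/${spec%%:*}.pem" 2>/dev/null
    done
}

# Report what a client holding the old file will experience (window: 30 days).
assess() {
    if [ "$(spki_fp "$1")" = "$(spki_fp "$2")" ]; then
        echo "key unchanged: signature-only checks still pass with the old cert"
    else
        echo "key changed: every client needs the renewed cert"
    fi
    if expires_within "$1" 2592000; then
        echo "old cert expires within 30 days: clients that check expiration need the renewed cert"
    fi
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ] || echo "cert fingerprint differs: redistribute renewed.pem"
}

tmp=$(mktemp -d)
make_pair "$tmp"
assess "$tmp/old.pem" "$tmp/renewed.pem"
rm -rf "$tmp"
```

To run it against real files, call `assess` with the paths of the certificate exported before the renewal and the one exported after it.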