Manage OCSP Certificates

The Manage OCSP Certificate feature in emCA allows users to configure the created OCSP certificate at the specified URL. This is useful for deploying the OCSP certificate to a public-facing web server or other device where it can be accessed by clients.

Configure OCSP Certificates

An Officer can manage the Online Certificate Status Protocol (OCSP) certificates of CAs in his/her own group using the following UI.

After generation, OCSP certificates must be manually mapped to the corresponding CA using this UI.

Click on "Search" to open the following filter pop-up:

You can filter for all elements except Actions in the above table using equal or contains comparator.

Click "Search" to apply the selected filter. Tap "Reset" to remove the filter.

Export the entire table to an XLSX file by clicking "Export to Excel". You will find the downloaded file in the standard download location of your OS..

To map an OCSP certificate to an existing CA, simply click on "OCSP Config".

Select the CA to which the OCSP certificate should be mapped.

Enter the URL to your OCSP Core Responder in the OCSP URL.

For an EmCA application with an internal OCSP Core Responder, this URL will be:


where <application_net_address> is the Application Network address of your EmCA application.

An example of a user interface can be seen in the image below.

Inspect the CA's certificate by clicking "View" next to the registered CA. The OCSP certificate can also be inspected by clicking "View" next to the desired certificate.

  • DER-encoded X.509 certificate (.cer)

  • Base64-encoded X.509 certificate (.cer)

  • Cryptographic Message Syntax Standard PKCS#7 certificate (.p7b)

Select the export format of your choice and click "Download" to start the download of the user certificate. The user certificate will be downloaded to the standard download location of your OS.

Last updated