Enabling OCSP Support - Documentation

Enabling PIV/CAC Authentication in LiveWire

Enabling PIV/CAC Authentication in LiveWire

LiveWire: Enabling PIV/CAC Authentication in LiveWireDownload PDF

Enabling PIV/CAC Authentication in LiveWire : Enabling OCSP Support

Enabling OCSP Support

LiveWire uses the NGINX web server to support OCSP. Enabling the feature requires modifying an NGINX configuration file.

To enable OCSP support, perform the following steps:

1. Connect to LiveWire and start an `ssh` session.

ssh admin@Omnipeek

2. Modify the NGINX configuration.

LiveWire uses the NGINX web server to support OCSP. Enabling the feature requires modifying an NGINX configuration file.

sudo nano /etc/nginx/sites-available/omni-client-auth

3. Once the editor is loaded, add the following lines immediately under the ssl_verify_client on; directive near the end of the file and save the file. This enables the use of OCSP:

ssl_ocsp leaf;

resolver 8.8.8.8;

NOTE: The IP address given by the `resolver` directive (in this example, a Google DNS server) must be the IP address of any DNS server capable of resolving the host names placed in each certificate's OCSP extension.

4. Restart the NGINX service. The new settings will not take effect until NGINX is restarted.

sudo systemctl restart nginx

Using the PIV/CAC Card Local User Management