Changing the OCSP Enforcement Mode

By default, NNMi is set to enforce OCSP.

To change the product’s enforcement of OCSP, follow these steps:

  1. Edit the following file:

    Windows: %NnmDataDir%\nmsas\NNM\conf\nms-auth-config.xml

    Linux: $NnmDataDir/nmsas/NNM/conf/nms-auth-config.xml

  2. Within the <ocsp> section of the file (find the <ocsp> tag), search for the line that begins with the following text:

    <mode>
  3. Change the line to read as one of the following:

    <mode><value></mode>

    where <value> is one of the following:

    • ENFORCE: Enforce OCSP where specified in the certificates
    • ATTEMPT: Check OCSP but allow access if OCSP is not available
    • REQUIRE: Require and enforce OCSP in certificates
  4. Save the nms-auth-config.xml file.
  5. Run the following command for the change to take effect:

    nnmsecurity.ovpl -reloadAuthConfig