Good afternoon,

In the documentation
(https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Importing_the_Certificate),
it shows how to load externally trusted CA certificate chains with the
keytool. Is there a way to specify using a specific OCSP responder URI versus
using the ones listed in the certificates, either with a Tomcat configuration
or somehow set up locally on the OS? Our use case is that we want all clients
to hit a local OCSP responder with the CRLs cached locally.

In version 21.0.5 of the Keytool, the man page mentions an ExtendedKeyUsage
option for OCSPSigning, but I don’t believe that is exactly what we are looking 
for.
