http? https? Which access is required to ocsp.entrust.net?
04-08-2022 05:14 AM
Hello,
A public KB article KB0813636 (MID Server can fail to install or upgrade to Orlando due to new external connectivity requirement to ocsp.entrust.net for OCSP certification revocation verification check) describes:
>The MID Server tries to connect to the ServiceNow instance after the upgrade to Orlando. However, with the high-security OCSP check involved, the host machine is not able to make a successful OCSP check against the ServiceNow certificate to the following URI: http://ocsp.entrust.net
However, the article also describes:
>1. On a host that does not have access via http/https to OCSP responder "ocsp.entrust.net"
Does it mean that the MID Server must be able to access both http://ocsp.entrust.net and https://ocsp.entrust.net?
Or is this a misstatement?
Regards,
04-08-2022 05:35 AM
Also check this article:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0854165
You have to add *.entrust.net in your network to allow traffic.
This issue was there in my environment, and it was worse since we had VPN tunnels through which the requests and responses came, and the IP address that needed to be allowed was not clear, as ocsp.entrust.net sits behind a load balancer, as told by Hi vendor.
When you ping this URL, the response comes from an Akamai server. The IP will be static, but they told us it will change, so you have to whitelist the URL and not the IP.
Hope it's helpful to you.
Anshu
04-08-2022 04:25 PM
Hi anshu,
Thank you for sharing information.
>You have to add *.entrust.net in your network to allow traffic.
Which protocol/port is/are used for connections to *.entrust.net?
HTTP/80? or HTTPS/443? or both?
02-12-2023 08:54 PM
Looks like HTTP is required.
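
An added example, not part of the thread or of ServiceNow's code: the OCSP responder URL a client contacts is listed in the certificate's Authority Information Access (AIA) extension, so the scheme and port to allow can be read from the certificate itself. This sketch scans DER bytes for the id-ad-ocsp OID; `ocsp_uris`, `firewall_needs`, `constructed_aia` and the `ocsp.example.test` sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# DER encoding of the id-ad-ocsp OID (1.3.6.1.5.5.7.48.1), tag and length included.
ID_AD_OCSP = bytes.fromhex("06082b06010505073001")
URI_TAG = 0x86  # GeneralName [6] uniformResourceIdentifier (IA5String)


def ocsp_uris(der: bytes) -> list:
    """Return every OCSP responder URI found in DER bytes (heuristic scan)."""
    uris, pos = [], 0
    while (pos := der.find(ID_AD_OCSP, pos)) != -1:
        pos += len(ID_AD_OCSP)
        if pos + 2 > len(der) or der[pos] != URI_TAG:
            continue  # OID not followed by a URI access location
        length, start = der[pos + 1], pos + 2
        if length == 0x81:  # long-form length with one length byte
            if start >= len(der):
                continue
            length, start = der[start], start + 1
        elif length >= 0x80:
            continue  # larger lengths are not plausible for a URI
        if start + length <= len(der):
            uris.append(der[start:start + length].decode("ascii", "replace"))
    return uris


def firewall_needs(der: bytes) -> list:
    """Map each OCSP URI to (scheme, host, port) for an egress allow rule."""
    needs = []
    for uri in ocsp_uris(der):
        parts = urlsplit(uri)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme, 0)
        needs.append((parts.scheme, parts.hostname or "", port))
    return needs


def constructed_aia(uri: str) -> bytes:
    """Build one AccessDescription as sample input (not a real certificate)."""
    body = ID_AD_OCSP + bytes([URI_TAG, len(uri)]) + uri.encode("ascii")
    return bytes([0x30, len(body)]) + body


# Constructed sample: filler bytes around a constructed AIA entry.
SAMPLE = b"\x30\x82\x01\x00" + constructed_aia("http://ocsp.example.test") + b"\x05\x00"

if __name__ == "__main__":
    print(firewall_needs(SAMPLE))
    # For a real host, get DER bytes with the standard ssl module:
    # ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))
```
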