http? https? Which access is required to ocsp.entrust.net?

Kody
Tera Expert

Hello,

A public KB article KB0813636 (MID Server can fail to install or upgrade to Orlando due to new external connectivity requirement to ocsp.entrust.net for OCSP certification revocation verification check) describes:

>The MID Server tries to connect to the ServiceNow instance after the upgrade to Orlando. However, with the high-security OCSP check involved, the host machine is not able to make a successful OCSP check against the ServiceNow certificate to the following URI: http://ocsp.entrust.net

However, the article also describes:

> 1. On a host that does not have access via http/https to OCSP responder "ocsp.entrust.net"

Does it mean that the MID Server must be able to access both http://ocsp.entrust.net and https://ocsp.entrust.net?
Or is this a misstatement?

Regards,


Anshu_Anand_
Kilo Sage

Also check this article:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0854165

You have to add *.entrust.net in your network to allow traffic.

This issue occurred in my environment, and it was worse because we had VPN tunnels through which the requests and responses passed, and it was not clear which IP address needed to be allowed, as ocsp.entrust.net sits behind a load balancer, as we were told by the Hi vendor.

When you ping this URL, the response will come from an Akamai server. The IP will be static, but they told us it will change, so you have to whitelist the URL and not the IP.

Hope it's helpful to you.

Regards,
Anshu

Hi Anshu,

Thank you for sharing the information.

> You have to add *.entrust.net in your network to allow traffic.

Which protocol/port is/are used for connections to *.entrust.net?
HTTP/80? or HTTPS/443? or both?

 

Chris Pike
Tera Contributor

Looks like HTTP is required.
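
Added example, not part of the thread or of ServiceNow's documentation: the scheme and port an OCSP client needs are the ones named in the certificate's Authority Information Access extension, so they can be read from the certificate rather than guessed. The function names are hypothetical, and the sample certificate is a constructed self-signed one that only reuses the responder URL quoted in the question (assumes OpenSSL 1.1.1 or later for `-addext`).

```shell
# Print the OCSP responder URL(s) listed in the AIA extension of a PEM certificate.
ocsp_uris() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Turn one responder URL into "scheme host port" for an egress allowlist entry.
# An explicit port in the URL wins; otherwise the scheme's default port is used.
egress_rule() (
  uri=$1
  scheme=${uri%%://*}
  rest=${uri#*://}
  hostport=${rest%%/*}
  host=${hostport%%:*}
  case $hostport in
    *:*) port=${hostport##*:} ;;
    *)
      case $scheme in
        http)  port=80 ;;
        https) port=443 ;;
        *)     echo "unsupported scheme in: $uri" >&2; exit 1 ;;
      esac ;;
  esac
  printf '%s %s %s\n' "$scheme" "$host" "$port"
)

# One allowlist line per responder URL found in the certificate.
rules_for_cert() {
  ocsp_uris "$1" | while read -r uri; do
    egress_rule "$uri"
  done
}

# Constructed sample input: a throwaway self-signed certificate whose AIA
# extension carries the given OCSP URL, so the example runs offline.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed.example" \
    -addext "authorityInfoAccess=OCSP;URI:$2" \
    -keyout "$1.key" -out "$1" 2>/dev/null
  rm -f "$1.key"
}

# Usage: pass the path of a saved PEM copy of the instance certificate.
if [ -n "${1:-}" ]; then
  rules_for_cert "$1"
fi
```
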