http? https? Which access is required to ocsp.entrust.net?

Kody
Tera Expert

‎04-08-2022 05:14 AM

Hello,

A public KB article KB0813636 (MID Server can fail to install or upgrade to Orlando due to new external connectivity requirement to ocsp.entrust.net for OCSP certification revocation verification check) describes:

>The MID Server tries to connect to the ServiceNow instance after the upgrade to Orlando. However, with the high-security OCSP check involved, the host machine is not able to make a successful OCSP check against the ServiceNow certificate to the following URI: http://ocsp.entrust.net

However, the article also describes:

>1.On a host that does not have access via http/https to OCSP responder "ocsp.entrust.net"

Does it mean that MID Server must be able to access to both http://ocsp.entrust.net and https://ocsp.entrust.net?
Or is this a misstatement?

Regards,

Labels:
0 Helpfuls
  • 2,562 Views
3 REPLIES 3

Anshu_Anand_
Kilo Sage
Kilo Sage

‎04-08-2022 05:35 AM

Also check this article

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0854165

You have to add *.entrust.net in your network to allow traffic .

This issue was there in my environment and it was worst since we were having VPN tunnels via which request and response came and the IP address needed to allow which was not clear as ocsp.entrust.net sit behind a load balancer as told by Hi vendor.

when you ping this url it will response to akamai server. The ip will be static but they told, it will change so you have to whitlist the URL and not the ip.

 

 

Hope its helpful to you

Regards,
Anshu

Kody
Tera Expert
In response to Anshu_Anand_

‎04-08-2022 04:25 PM

Hi anshu,

Thank you for sharing information.

>You have to add *.entrust.net in your network to allow traffic .

Which protocol/port is/are used for connections to *.entrust.net?
HTTP/80? or HTTPS/443? or both?

 

0 Helpfuls

Chris Pike
Tera Contributor

‎02-12-2023 08:54 PM

Looks like HTTP is required.