Mid Servers - ocsp.entrust.net bypass

Jason Stuart
Tera Expert

Has anyone been able to use a mid server that absolutely can't access the ocsp.entrust.net url for ocsp checking in Orlando?  

We have a mid server that cannot access OCSP, and due to some things in play - we cannot configure it to do so.  Is there any way around this?

---- Editing to add additional information --

We followed KB article https://hi.service-now.com/kb_view.do?sysparm_article=KB0854165 indicating OCSP checking could be disabled.

In MID Server Properties: set "com.glide.communications.httpclient.verify_revoked_certificate" to false, and clear the value of "mid.security.validation.endpoints" so it is empty.

MID Server still received the same error. Per documentation this is a requirement for MID Connectivity.

Thanks in Advance,

Jason


Alberto Consonn
ServiceNow Employee

Hi Jason,

please follow the article below:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0854165

2. Can you disable the OCSP feature?

Yes, you can disable by following the below steps:
a) Navigate to MID Server -> Properties. Find "com.glide.communications.httpclient.verify_revoked_certificate" and set value to false.
b) Navigate to MID Server -> Properties. Find "mid.security.validation.endpoints" and clear the value so it is empty. (You will see why this needs to be done with answers to other questions.)
c) Restart the MID Server.

If I have answered your question, please mark my response as correct and/or helpful.

Thank you very much

Cheers
Alberto

We followed KB article https://hi.service-now.com/kb_view.do?sysparm_article=KB0854165 indicating OCSP checking could be disabled.

In MID Server Properties: set "com.glide.communications.httpclient.verify_revoked_certificate" to false, and clear the value of "mid.security.validation.endpoints" so it is empty.

MID Server still received the same error. Per documentation this is a requirement for MID Connectivity.

I have been working with a Tech from ServiceNow, and they are looking into it, and asked me to take a look at the forum.

mpmacconnell
Tera Guru

We just upgraded our Sandbox to Paris (we are on New York in Production).

I tried the steps you mentioned, but we are still getting these errors on all our MID Servers.

Anyone have any luck bypassing this?

 

Our Network team and Enterprise Security teams have concerns that they want an HTTP connection to this site. Per them it should be an HTTPS connection. So we are currently stuck on this. We either need to find a way for it to be an HTTPS connection or disable this check.

mpm,

We did not have any luck disabling this check - and it seems to be needed - contrary to what the documentation is saying.  We had to move the mid server inside our DMZ - and open up the firewall.  I hope you can get a better response.

Thanks,

Jason