PKI Pre-Installation Guide
Version 2.0.0
Page 13
1.
IP address or name of an OCSP Responder/Repeater along with the port being used. The
default port is usually 80. Multiple responder/repeaters may be listed; they will be tried
in order until a response is received.
IP Address or Name: __________________________________ Port: _______
IP Address or Name: __________________________________ Port: _______
IP Address or Name: __________________________________ Port: _______
2.
IP address or name of the proxy server needed to access the OCSP Responder/Repeater
along with the port being used. This is an optional setting and only needed if the OCSP
Responder/Repeater is on the internet instead of the local intranet.
IP Address or Name: __________________________________ Port: _______
3.
The maximum time in seconds that the MFP should wait for a connection to or response
from the OCSP Responder/Repeater. If a connection/response is not received in that
time, the next OCSP Responder/Repeater will be tried. The default is 10 seconds.
Timeout: ______ (seconds)
4.
Certificate used by the OCSP Responder/Repeater to sign its response. This is used to
validate that the response from the OCSP Responder/Repeater is from a trusted source.
Certificate: Please have file ready at install time.
3.2.2.1.2
User Lookup
In order to read other attributes that correspond to the authenticated user from Active Directory,
the device will need to construct an LDAP query based on information obtained from the user’s
card.
1.
The useful information on the card is described in
User Configuration Information
on
page 2. Check the box next to the card information to use:
□
User Principal Name –
12345678@mil
□
RFC822 Name –
□
Subject Name –
CN=SMITH.JOE.12345678, OU=Contractor, OU=PKI,
OU=DoD, O=U.S. Government, C=US
□
EDIPI –
12345678
2.
The LDAP attribute representing the data read from the card as described in item 2 above
is also required. For example, if User Principal Name is used, the LDAP attribute is
usually “userPrincipalName”.