...
For authentication, the requestor must provide a signature by a trusted certificate or an authenticated TLS session to the Nexus OCSP Responder.
To require OCSP requests to be signed, specify as follows in the Nexus OCSP Responder configuration file:
Code Block responder.<r#>.incoming.signature.required=true
To require client authentication during the TLS handshake, configure the responder to use HTTPS and add the following specification:
Code Block responder.<r#>.ssl.clientauth=true
To authorize requests to the Nexus OCSP Responder, configure a name matching filter (a) or trust store verification (b).
To use a name matching filter, specify as follows in the Nexus OCSP Responder configuration file:
Code Block responder.<r#>.incoming.authorization=bynamematch
followed by the required table of rules.
For trust store verification, use:
Code Block responder.<r#>.incoming.authorization=byauthentication
Replace <r#> with the responder sequence number.
...