
Distinguished name matching

At several places in the Nexus OCSP Responder configuration, one or more certificates can be identified by their issuer or subject Distinguished Names (DNs). In essence, this is a "scaled-down" form of matching that behaves the same as subject or DN does in the certificate pattern.

  • To define the back-end client's URL lookup table:

    ocsp.client.urlcheck

  • To specify the OCSP response cache contents:

    ocsp.cache.contents

  • To specify authorization settings:

    ocsp.<#>.incoming.authorization.match

The matching is performed against the complete DN. Wildcards (* and ?) are allowed in the match pattern.



Nexus OCSP Responder uses the following conventions for the string representation of a DN:

  • The relative distinguished names (RDNs) are separated by a comma (,).

  • No blanks are allowed before or after the RDN separator.

  • A trailing blank in the name itself is shown as "\20".
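
The conventions and wildcard rules above, as an added Python sketch that is not Nexus code: it rewrites a DN string to the listed conventions and then matches the complete DN against a pattern. Assumptions: matching is case-sensitive, `*` may span RDN separators, and all sample DNs are constructed; verify both behaviours against the product.

```python
import re

def _rdn_tokens(dn):
    """Yield one token list per RDN; a backslash pair counts as one token."""
    rdn, i = [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            rdn.append(dn[i:i + 2])      # escaped character, e.g. "\," or "\ "
            i += 2
            continue
        if dn[i] == ",":                 # unescaped comma: RDN separator
            yield rdn
            rdn = []
        else:
            rdn.append(dn[i])
        i += 1
    yield rdn

def normalize_dn(dn):
    """Rewrite a DN string to the conventions listed above."""
    out = []
    for toks in _rdn_tokens(dn):
        while toks and toks[0] == " ":   # drop blanks after the separator
            toks.pop(0)
        while toks and toks[-1] == " ":  # drop blanks before the separator
            toks.pop()
        if toks and toks[-1] == "\\ ":   # trailing blank that is part of the name
            toks[-1] = "\\20"
        out.append("".join(toks))
    return ",".join(out)

def dn_matches(pattern, dn):
    """Match the complete DN: '*' is any run of characters, '?' exactly one.

    Assumption (not stated on the page): case-sensitive, '*' may cross commas.
    """
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, normalize_dn(dn), re.DOTALL) is not None
```

Under these assumptions a pattern such as `CN=*,O=Example Corp,C=SE` also matches a DN with extra RDNs between CN and O, so a pattern used in authorization settings is worth testing against DNs it should reject as well as those it should accept.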



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.