Type: New Feature
Affects Version/s: None
Fix Version/s: EJBCA 6.1.0
Currently we have one option related to the signer certificate chain in OCSP responses.
- Include certificate chain in response
The signer certificate itself is always included in the response (I think?). This can be:
- A root CA certificate if the responder if directly for a root CA
- A subCA certificate if the responder if directly for a sub CA
- A OCSP signser certificate if the responder is a delegated responder for a CA
There is also the requirement to be able to not include any certificates in OCSP responses, to keep them very small.
Add an option:
- Include signer certificate in response
Default value should be true, which is the same behaviour as today (If I am correct).
With "Include signer certificate in response" unchecked a responder directly on a Root CA will then not include any certificates at all.