When a device uses OCSP, it is referred to as the OCSP client (or requester). This client sends a verification request to a server device called the OCSP responder. ScreenOS supports Verisign and Valicert as OCSP responders. The client’s request contains the identity of the certificate to check.
If the certificate of the responder is not embedded in the OCSP response or stored locally, then the device verifies the signature by using the CA certificate that issued the certificate in question.
Select a Certificate Authority from the Verify OCSP response with CA drop-down list.