The Online Certificate Status Protocol (OCSP) URL application definition field determines whether this application uses a general OCSP responder to send requests during certificate validation for end entity certificates.

When a URL is present, the specified OCSP responder is contacted for all end entity certificates to determine revocation status.

The default value for the field is *PGM meaning the program that uses this "application ID" sets the attribute to the appropriate value. All System TLS attributes have an initial default value, which for this attribute is no URL value. Programs can also call gsk_attribute_set_buffer() to explicitly set a URL value.

If *PGM does not result in the required OCSP responder, enter the appropriate OCSP responder URL in this field. HTTP is the only supported URL protocol; therefore, this value must begin with "http://". Setting this value overrides the configuration that is set internally by the program for the URL destination. However, the other configured OCSP attributes continue to be used.

If *PGM results in the application that uses an OCSP responder, yet no general OCSP responder processing is wanted, set this field to “Disable.” This setting overrides a URL internally configured by using gsk_attribute_set_buffer(). Disabling OCSP weakens the security model for the application, so use due diligence before you make this choice.