As an alternative, or in addition to publishing revocation information with CRLs, you can choose to enable an Online Certificate Status Protocol (OCSP) responder. An OCSP responder is enabled when OCSPType is set to basic in the CertPolicy section of the PKI Services configuration file as shown in Table 1, and when the certificate contains the necessary OCSP responder information in the AuthInfoAccess extension. (See TEMPLATE sections.)

In order to use an OCSP responder, you must add /usr/lpp/pkiserv/lib to the LIBPATH environment variable for the HTTP Server, in the httpd.envvars file.