Good day all,
The question: is there a better way to work around the captive portal over ssl vs. dynamic nature of ip address assignment of ocsp servers. I may have just missed a new feature or setting somewhere..
The "keep adding ip's to the ACL" method is very ineligant and our list for ocsp.entrust.net has topped 120 addresses since we've been keeping track. Since I don't think Akamai (the hosting provider for ocsp,entrust.net) is going to change their modus operandi any time soon, what else can be done?
Turning off ocsp checking, or teaching end users to skip through security warnings for self signed certs aren't generally acceptable options around here, so I'm trying to avoid that.
Cheers,
Todd