Specify settings for validation
Do not use OCSP for certificate verification. Select this setting if you don't want Certificate Manager to perform an online status check each time it verifies a certificate. Instead, whenever Certificate Manager performs certificate verification, it only confirms the certificate's validity period and that it is correctly signed by a CA whose own CA certificate is both listed under the CA Certificates tab (in the main Certificate Manager window) and marked as trusted for issuing that kind of certificate.

Use OCSP to verify only certificates that specify an OCSP service URL. Select this setting if you want Certificate Manager to perform an online status check each time it verifies a certificate that specifies a URL for the purpose of performing such a check. If a URL is specified by the certificate, Certificate Manager makes sure that the certificate is listed there as valid and checks the validity period and trust settings.

Use OCSP to verify all certificates, using the URL and signer specified here. Select this setting if you want Certificate Manager to perform an online status check each time it verifies any certificate. If you select this setting, you should also choose the certificate from the Response Signer pop-up menu that identifies the signer of the OCSP responses. With this setting, the only certificates Certificate Manager recognizes are those that can be verified by an OCSP response signed with the Response Signer certificate (or signed using a certificate that chains to it).
When you choose a Response Signer certificate from the pop-up menu, Certificate Manager fills in the Service URL (if available) for that signer automatically. If the Service URL is not filled in automatically, you must provide it yourself; ask your system administrator for details.
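The following added example (a model written for this page, not Certificate Manager's own code) compares the three settings above on the same set of certificates, so you can see which ones each setting accepts. The `Cert` class, the in-memory responder table, the example URL and the serial numbers are constructed; the model assumes validity-period and trust checks run under every setting and does not model verification of the OCSP response signature.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Optional

class OcspMode(Enum):
    OFF = "Do not use OCSP"
    CERT_URL_ONLY = "Only certificates that specify an OCSP service URL"
    ALL_CERTS = "All certificates, using the configured URL and signer"

@dataclass
class Cert:  # constructed stand-in for a parsed certificate
    serial: str
    not_before: datetime
    not_after: datetime
    issuer_trusted: bool            # signed by a CA trusted for this kind of cert
    ocsp_url: Optional[str] = None  # OCSP service URL carried in the certificate

def verify(cert, mode, now, query_ocsp, configured_url=None):
    """Return (accepted, reason) for one certificate under one setting."""
    # Assumption: validity period and trust are checked under every setting.
    if not cert.not_before <= now <= cert.not_after:
        return False, "outside validity period"
    if not cert.issuer_trusted:
        return False, "issuer not trusted"
    if mode is OcspMode.OFF:
        return True, "local checks only"
    if mode is OcspMode.CERT_URL_ONLY and cert.ocsp_url is None:
        return True, "no OCSP URL in certificate, local checks only"
    url = cert.ocsp_url if mode is OcspMode.CERT_URL_ONLY else configured_url
    status = query_ocsp(url, cert.serial)
    # Anything other than an explicit "good" answer is a rejection.
    return status == "good", "OCSP status: " + status

# Constructed sample data: an in-memory responder table instead of a network call.
NOW = datetime(2024, 6, 1)
URL = "http://ocsp.example.test"
RESPONDER = {"01": "good", "02": "revoked", "03": "revoked"}

def fake_ocsp(url, serial):
    return RESPONDER.get(serial, "unknown")

def make(serial, url=None):
    return Cert(serial, datetime(2024, 1, 1), datetime(2025, 1, 1), True, url)

# "03" is revoked but carries no URL; "04" is unknown to the responder.
CERTS = [make("01", URL), make("02", URL), make("03"), make("04")]

def matrix():
    """Map (serial, setting name) to whether the certificate is accepted."""
    return {(c.serial, m.name): verify(c, m, NOW, fake_ocsp, URL)[0]
            for c in CERTS for m in OcspMode}
```

In this model, certificate "03" is revoked but is still accepted under the second setting because it names no OCSP service URL, and certificate "04" is rejected under the third setting because the configured responder does not report it as valid.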