Use this parameter to decide whether the requestor may include certificates that help the OCSP responder verify the requestor's signature in the certs field of Signature. This list of certificates should help the OCSP responder build a path to the OCSP requestor's certificate.

Parameter syntax

<config_name>.signocsp.includecerts = <value>

Where <value> is one of the following values.

default
all
none

Parameter example

config0.signocsp.includecerts =all

default

Include only the verification certificate for the key that signed the OCSP request.

This is the default configuration when omitting the parameter.

all

Include the full certificate path – that is:

The verification certificate.
All the CA certificate chain up to the root of trust.

Using the full chain could make the OCSP requests very large.

none

Do not include certificates in the OCSP request.

This may make signature verification difficult for the OCSP responder because the responder must be pre-configured with the client's identity.