OCSP configuration in few steps for Netscape/Mozilla

start Mozilla/Netscape and visit this page

import OpenValidation root CA certificate

simply check download page for Openvalidation.org root CA 1 or 2 (or use link to RootCA certificates below). A simple click on the DER encoded certificate (.crt) will display a Netscape/Mozilla dialog for importing this certificate to the browser certificate database.

rootCA 1.crt

rootCA 2.crt

Mozilla screenshot (certificate import)

Ensure that you don't trust the imported certificate at all, as this is only an insecure Test certificate issued for test purposes only. Confirm your settings (see screenhot) above to import this certificate.

Repeat the import procedure for the OCSP Server certificate. Select the certificate (DER format) from the download page or use the link below. Deactivate all trust connections at the import dialog (see screenshot above) and click ok to import the Responder certificate to your browser database.

OCSPServer1.crt

OCSPServer2.crt

Change your privacy&security preferences of your Mozilla/Netscape (Edit-->Preferences-->Privacy&Security-->Validation). Activate "Use OCSP to validate all certificates using this URL and signer". Select "Responder Signer" from Drop Down menu (Insecure Test OCSPServer - Insecure...).
Service URL must be set to "http://ocsp.openvalidation.org".
(See screenshot below for detailed settings).

Mozilla settings screenshot

Restart browser

Close all browser windows and restart Mozilla/Netscape to make the settings effective.

Check functionality

Check OCSP ability of your browser with sytrusts browser check.

 

Note: Presently only Mozilla 1.0 and Netscape 6.0 support OCSP functionality! OCSP validation through a proxy server is not supported yet by these browsers.