Section – Allowed Network Endpoints

Section – OCSP Servers

Field

Description

Autodetect OCSP servers

When enabled, the OCSP responder URLs of all configured SSL certificates are collected automatically and added to the list of allowed network endpoints. The URLs are taken from the OCSP access method (id-ad-ocsp) of the X.509 Authority Information Access (AIA) extension of each certificate.

Note that the automatic detection does not cover certificates obtained through ACME services; their OCSP responders are not added. See section Usage below.

Destination

The FQDN, IPv4/IPv6 address, or network in CIDR notation of the external service to be reached.

Port

Port of the service on the allowed endpoint.

Usage

By default, Airlock Gateway refuses connections from its own components to arbitrary network endpoints on the internet. Hosts that must be reachable are added manually as Destination (hostname, IP address or network) and Port. OCSP responder endpoints can be added automatically based on the configured non-ACME SSL certificates (see Autodetect OCSP servers above); for any other certificate, the responder's host and port have to be entered manually.
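The automatic detection described above reads the OCSP responder URL out of the certificate's Authority Information Access extension and turns it into a Destination/Port pair. The following script, added here as an illustration and not part of Airlock Gateway, does the same for any DER-encoded AIA extension value, which is useful when a certificate is not covered by the autodetection (for example an ACME certificate) and the endpoint has to be entered manually. It uses only the Python standard library; the sample AIA value at the end is constructed in the script, not taken from a real certificate, and the host names in it are placeholders.

```python
"""Extract OCSP responder endpoints from an X.509 Authority Information Access
(AIA) extension value and map them to (Destination, Port) pairs.

Added example, not Airlock Gateway code. Structure per RFC 5280 section 4.2.2.1:
  AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
  AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
  id-ad-ocsp = 1.3.6.1.5.5.7.48.1, id-ad-caIssuers = 1.3.6.1.5.5.7.48.2
  uniformResourceIdentifier is GeneralName choice [6] IMPLICIT IA5String
"""
from __future__ import annotations
from urllib.parse import urlsplit

ID_AD_OCSP = "1.3.6.1.5.5.7.48.1"
ID_AD_CA_ISSUERS = "1.3.6.1.5.5.7.48.2"
TAG_SEQUENCE = 0x30
TAG_OID = 0x06
TAG_URI = 0x86  # context-specific [6], primitive: GeneralName.uniformResourceIdentifier


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Read one DER TLV (definite length) at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value: bytes) -> str:
    """Decode a DER OID body to dotted form (first arc 0, 1 or 2 as used here)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def ocsp_urls(aia_der: bytes) -> list[str]:
    """OCSP responder URLs from a DER AIA value; caIssuers and non-URI names are skipped."""
    tag, body, _ = _read_tlv(aia_der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("AIA value must be a SEQUENCE")
    urls, pos = [], 0
    while pos < len(body):
        tag, desc, pos = _read_tlv(body, pos)
        if tag != TAG_SEQUENCE:
            raise ValueError("AccessDescription must be a SEQUENCE")
        oid_tag, oid, after_oid = _read_tlv(desc, 0)
        loc_tag, loc, _ = _read_tlv(desc, after_oid)
        if oid_tag == TAG_OID and _decode_oid(oid) == ID_AD_OCSP and loc_tag == TAG_URI:
            urls.append(loc.decode("ascii"))
    return urls


def endpoint(url: str) -> tuple[str, int]:
    """Map an OCSP URL to (Destination, Port); a missing port defaults per scheme."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unusable OCSP URL: {url!r}")
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else 80)
    return parts.hostname, port  # IPv6 literals come back without brackets


def ocsp_endpoints(aia_der: bytes) -> list[tuple[str, int]]:
    """Deduplicated (Destination, Port) pairs in certificate order."""
    seen: list[tuple[str, int]] = []
    for url in ocsp_urls(aia_der):
        ep = endpoint(url)
        if ep not in seen:
            seen.append(ep)
    return seen


# --- minimal DER encoder, only used to build the constructed sample below ---
def _tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    length = bytes([n]) if n < 0x80 else (bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF]))
    return bytes([tag]) + length + value


def _encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(chunk)
    return bytes(out)


def _access(oid: str, uri: str) -> bytes:
    return _tlv(TAG_SEQUENCE, _tlv(TAG_OID, _encode_oid(oid)) + _tlv(TAG_URI, uri.encode("ascii")))


# Constructed sample AIA value (not from a real certificate, placeholder hosts):
# two OCSP responders, one with an explicit port, plus a caIssuers entry to ignore.
SAMPLE_AIA = _tlv(TAG_SEQUENCE,
                  _access(ID_AD_OCSP, "http://ocsp.example.test/")
                  + _access(ID_AD_CA_ISSUERS, "http://ca.example.test/issuer.crt")
                  + _access(ID_AD_OCSP, "https://ocsp2.example.test:8443/status"))

if __name__ == "__main__":
    for host, port in ocsp_endpoints(SAMPLE_AIA):
        print(f"Destination: {host}  Port: {port}")
```

To apply this to a real certificate, pass it the raw extnValue of the AIA extension (OID 1.3.6.1.5.5.7.1.1) as obtained from any X.509 parser; each returned pair is one Destination/Port row. Only id-ad-ocsp entries are used, so the CA issuer download URL that often sits next to the responder in the same extension is not opened up by mistake.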

ACME configuration:

Adding ACME services to the list of allowed network endpoints is not required. Instead, a firewall rule allowing the endpoint is set automatically for each ACME service used by a virtual host. Host and port are taken from the URL field described in the article Add or configure a new ACME Service.