For OCSP, by default ClearPass uses nonce with random value (to prevent replay attack) and it expects the same nonce value back. also if you have a OCSP server that does not support nonce check, then you can turn off the nonce check in ClearPass server settings
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Feb 03, 2026 04:25 PM
From: Daniel Ruiz
Subject: Clearpass and OCSP configuration
Great, thank you very much for this useful information. It has been very helpful to me.
------------------------------
Daniel Ruiz
-----------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
------------------------------
Original Message:
Sent: Feb 03, 2026 09:36 AM
From: AMat
Subject: Clearpass and OCSP configuration
Hello!
I just found the solution in another forum (https://learn.microsoft.com/en-us/answers/questions/1184100/ocsp-handshake-issue).
I activated NONCE extension support in properties of the Revocation Configuration on the OCSP server and reboot.
All is working now.
Thank you
