Skip to main content

OCSP Configuration & Routing – NAC

This document describes how OCSP (Online Certificate Status Protocol) traffic is routed for:

  • Private OCSP responders (internal)
  • External OCSP responders (third-party)

OCSP Endpoints

Private OCSP Responder

Attribute Value
Endpoint 10.171.71.159
Port 80
Routing PRODTGW (tgw-026162f1ba39ce704)

External OCSP Responders

Certain certificates may contain embedded OCSP URLs pointing to external suppliers (e.g., NHS, DHL, etc.).

These destinations are routed via NAT (nat-0172c52327439c749).

NAT-Routed OCSP/CRL Endpoints

Destination (CIDR) Identifier Route Target
132.164.202.105/32 ocsp_debt_kiosk_ip NAT
213.104.100.78/32 ocsp_nhs_oxleas_ip NAT
217.68.20.21/32 ocsp_dhl_failover_ip NAT
20.108.27.177/32 ocsp_prs_ip NAT
51.104.212.188/32 ocsp_dep_ip NAT
89.21.3.52/32 ocsp_dhl_ip NAT
This page was last reviewed on 4 March 2026. It needs to be reviewed again on 4 September 2026 by the page owner #nvvs-devops .