Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. NOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.

[yes/no]

If the system is on the SIPRNET, this requirement is NA. Enable the 'Enable online certificate validation' option. Navigate to the 'deployment.properties' file for Java. /usr/java/jre/lib/deployment.properties Add or update the key 'deployment.security.validation.ocsp' to be 'true'.