X.509 certificates may contain an optional AIA extension which contains one or more addresses of OCSP Responders (OCSRs) to be used to check revocation status. In addition to these certificate OCSRs, one alternate OCSR URL may be configured. If this alternate responder is designated as preferred, then it will be tried before the certificate‘s AIA responders. If not preferred, then the alternate responder will be tried after the AIA responders.
Use the set pki ocsp responder commander to configure an alternate OCSP responder (OCSR) URL for the OCSR used to check revocation status.