openfire-docker-compose/federation/xmpp/2/conf/security/java.security

# Enable client-driven OCSP
ocsp.enable=true

# Enable CRL Distribution Points extension in certificates (download CRL from URL in certificate)
org.bouncycastle.x509.enableCRLDP=true