diff --git a/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch b/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
new file mode 100644
index 0000000..81cf29c
--- /dev/null
+++ b/SOURCES/tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
@@ -0,0 +1,39 @@
+From c7e9138d59833ca0b9437fd130d3d9cb2fdf393d Mon Sep 17 00:00:00 2001
+From: John Magne <jmagne@mharmsen-rhel7.usersys.redhat.com>
+Date: Thu, 20 Sep 2018 21:35:20 -0400
+Subject: [PATCH] Fix for Bug 1630469 - CC: tomcatjss: unable to enable OCSP
+ checking from peer AIA extension.
+
+    Now the server.xml can be configured to enable ocsp AND leave other settings null, to trigger
+    NSS to use the AIA extension to locate the ocsp responder.
+
+    ex:
+
+     <Connector name="Secure" port="18443" ...
+         .....
+         enableOCSP="true"  ocspCacheSize="1000" ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10"
+---
+ src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+index b38b091..b91c7a4 100644
+--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
++++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+@@ -740,8 +740,11 @@ public class JSSSocketFactory implements
+                             "ocspResponderCertNickname");
+                     debugWrite("JSSSocketFactory init - ocspResponderCertNickname"
+                             + ocspResponderCertNickname + "\n");
+-                    if (StringUtils.isNotEmpty(ocspResponderURL) &&
+-                            StringUtils.isNotEmpty(ocspResponderCertNickname)) {
++
++                    if ((StringUtils.isNotEmpty(ocspResponderURL) &&
++                         	StringUtils.isNotEmpty(ocspResponderCertNickname))  ||
++                        	(StringUtils.isEmpty(ocspResponderURL)
++                            	&& StringUtils.isEmpty(ocspResponderCertNickname))) {
+ 
+                         ocspConfigured = true;
+                         try {
+-- 
+1.8.3.1
+
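Review bot: The widened `if` in the JSSSocketFactory init path now accepts "both set" or "both empty", but no comment says that the empty case deliberately leaves responder discovery to NSS via the peer certificate's AIA extension, so a later reader could take it for a mistake and tighten it again. I would add `// Both unset: NSS locates the OCSP responder from the peer certificate's AIA extension` above it and write the test as `if (StringUtils.isEmpty(ocspResponderURL) == StringUtils.isEmpty(ocspResponderCertNickname)) {`, which is equivalent and also drops the mixed tab/space continuation lines. A half-set configuration (URL without nickname, or the reverse) still skips this branch; the matching `else` is outside the hunk, so please confirm it fails startup or logs clearly rather than silently running without revocation checking. In AIA mode the responder location comes from the certificate being checked rather than from server.xml, so it is worth documenting that operators should expect outbound OCSP requests to hosts named by their trusted CAs and plan egress rules accordingly.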
diff --git a/SPECS/tomcatjss.spec b/SPECS/tomcatjss.spec
index 8f365bd..ae33f46 100644
--- a/SPECS/tomcatjss.spec
+++ b/SPECS/tomcatjss.spec
@@ -1,6 +1,7 @@
 Name:     tomcatjss
 Version:  7.2.1
-Release:  7.1%{?dist}
+#Release:  8%{?dist}
+Release:  8.el7_6
 Summary:  JSS Connector for Apache Tomcat, a JSSE module for Apache Tomcat that uses JSS
 URL:      http://pki.fedoraproject.org/
 License:  LGPLv2+
@@ -56,6 +57,10 @@ Patch3:           tomcatjss-Comply-with-ASF-trademark-rules.patch
 ## tomcatjss-7.2.1-7
 #######################
 Patch4:           tomcatjss-add-TLS-SHA384-ciphers.patch
+#######################
+## tomcatjss-7.2.1-8
+#######################
+Patch5:           tomcatjss-enable-OCSP-from-peer-AIA-extension.patch
 
 # The 'tomcatjss' package conflicts with the 'tomcat-native' package
 # because it uses an underlying NSS security model rather than the
@@ -85,6 +90,7 @@ NOTE:  The 'tomcatjss' package conflicts with the 'tomcat-native' package
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 chmod -c -x LICENSE README
 
 %build
@@ -115,6 +121,10 @@ rm -rf %{buildroot}
 %{_javadir}/*
 
 %changelog
+* Mon Oct 29 2018 Jack Magne <jmagne@redhat.com> 7.2.1-8
+- Bugzilla Bug #1632618 - CC: tomcatjss: unable to enable OCSP checking
+  from peer AIA extension [rhel-7.6.z] (jmagne)
+
 * Tue Sep 18 2018 Matthew Harmsen <mharmsen@redhat.com> 7.2.1-7.1
 - Bumped Release number to support upgrades.