Adding A Crl To The Ocsp - Red Hat CERTIFICATE SYSTEM 7.3 - AGENT GUIDE Manual

Chapter 8. OCSP: Agent Services
2. To verify that the certificate is added successfully, click List Certificate Authorities in the left
frame.
The next page shows information about the CM that was added.
NOTE
If the deployment contains chained CAs, such as a root CA and then several subordin-
ate CAs, add each CA certificate separately to the OCSP responder.

8.3. Adding a CRL to the OCSP

If a situation arises when a CM is unable to publish its CRL to the OCSP, it is possible to add a CRL
manually to the OCSP internal database.
To add a CRL to the internal database, do the following:
1. Open the CM's agent services page.
https://server.example.com:9443/ca/agent/ca
2. Click on Display Revocation List.
3. In the results page, select the desired CRL issuing point, select the option to display the CRL as
base-64, and click Display.
4. In the CRL details page, scroll to the Certificate revocation list base64 encoded section, which
shows the CRL in base-64 format.
5. Copy the base-64 encoded CRL, including the -----BEGIN CERTIFICATE REVOCATION LIST-
---- and -----END CERTIFICATE REVOCATION LIST----- marker lines, to the clipboard or
a text file.
The CRL looks similar to the example:
-----BEGIN CERTIFICATE REVOCATION LIST-----
MIHiMIGNAgEBMA0GCSqGSIb3DQEBBQUAMEsxGDAWBgNVBAoTD0RvbWFpbiBTcG9v
bmJveTEPMA0GA1UECxMGMTAyNnNiMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkXDTA2MTExMzE4MDM0MFoXDTA2MTExMzIyMDM0MFqgDjAMMAoGA1UdFAQD
AgFeMA0GCSqGSIb3DQEBBQUAA0EAlbdl7bPD5yLpBwKkSXeSA1fa8M2TiqNynRS1
B5zDGGAamOBdnKVMEBPEXFsTzk92rjbL0J0KjoMYicTEGO1wKA==
-----END CERTIFICATE REVOCATION LIST-----
78