Converting A Master Ocsp Into A Cloned Ocsp; Converting A Cloned Ocsp Into A Master Ocsp - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.2 - ADMINISTRATION:
- Manual (240 pages) ,
- Reference manual (337 pages) ,
- Release note (24 pages)
Table of Contents
Advertisement
g. Disable CRL generation requests redirection by removing the following two lines:
master.ca.agent.host=hostname
master.ca.agent.port=port number
4. Start the new master CA server.
/etc/init.d/instance_ID start
19.4.3. Converting a Master OCSP into a Cloned OCSP
Since only one master OCSP Responder can exist for a Certificate System installation, the offline
master must first be converted into a cloned OCSP Responder before one of the cloned OCSPs
becomes the new master OCSP.
1. Stop the OCSP master, if it is still running.
2. Open the existing master OCSP configuration directory.
cd /var/lib/master_ID/conf
3. Edit the CS.cfg, and add the following line; 21600 is the default value for a cloned OCSP. This
value can be changed to any other non-zero number.
OCSP.Responder.store.defStore.refreshInSec=21600
19.4.4. Converting a Cloned OCSP into a Master OCSP
After converting the existing offline master OCSP responder into an offline cloned OCSP, one of the
online cloned OCSP responders must be converted into the new online master OCSP responder.
1. Stop the online cloned OCSP server.
/etc/init.d/instance_ID stop
2. Open the cloned OCSP responder's configuration directory.
cd /var/lib/instance_ID/conf
3. Open the CS.cfg file, and delete the following line. 21600 is the default value for a cloned OCSP
Responder. This value can be equal to any other non-zero number.
OCSP.Responder.store.defStore.refreshInSec=21600
Converting a Master OCSP into a Cloned OCSP
423
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.2 - ADMINISTRATION and is the answer not in the manual?
Questions and answers