Online Certificate Status Manager Deployment Considerations; Online Certificate Status Manager Certificates - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Online Certificate Status Manager Deployment Considerations
Online Certificate Status Manager Deployment
Considerations
This section describes the decisions you make during installation that will apply to your
initial configuration of the subsystem.
Online Certificate Status Manager Certificates
When you install the Online Certificate Status Manager, the keys for the OCSP signing
certificate and SSL server certificate are created and a certificate request is made for the
signing certificate and the SSL server certificate.
You submit this request either to a CS CA, or you submit the request to a third party public
CA and then install the certificate you receive from the CA during the rest of the
installation. If you submit the request to a CS CA, the installation program will allow you
submit the request to the CA in the install wizard, and pick up the certificate once it is
approved.
OCSP Signing Key Pair and Certificate
Every Online Certificate Status Manager you have installed has a certificate, identified as
the Online Certificate Status Manager signing certificate, whose public key corresponds to
the private key the Online Certificate Status Manager uses to sign OCSP responses before
sending them to OCSP-compliant clients. The Online Certificate Status Manager's
signature provides persistent proof to an OCSP-compliant client that the Online Certificate
Status Manager has processed the request. The first time you generated this certificate is
when you installed the Online Certificate Status Manager. The default nickname for the
certificate is
identifies the CS instance in which the Online Certificate Status Manager is installed.
The Online Certificate Status Manager's signing certificate was issued by the CA to which
you submitted the certificate signing request.
SSL Server Key Pair and Certificate
Every Online Certificate Status Manager you have installed has at least one SSL server
certificate. The first time you generated this certificate is when you installed the Online
Certificate Status Manager. The default nickname for the certificate is
cert-<instance_id>
Online Certificate Status Manager is installed.
162
Red Hat Certificate System Administrator's Guide • September 2005
ocspSigningCert cert-<instance_id>
, where
<instance_id>
, where
<instance_id>
Server-Cert
identifies the CS instance in which the
Advertisement
Table of Contents
