Online Certificate Status Manager Deployment Considerations
• An End-Entity interface that is accessible by anyone who can access that URL. The
end-entity interface listens for requests on the SSL or Non-SSL End Entity Ports. It
does not contain HTML forms, but is used for requests to the OCSP responder. Both
ports are configured during installation.
https://<CS_host_dnsname>:<port_number>
For example:
https://services.example.com:7172
Password Storage
Each subsystem stores passwords for its internal database, and for the tokens containing its
keys and certificates. See "System Passwords," on page 244 for information on how these
passwords are stored.
Tokens
You choose either the internal token (if you plan to use the internal/software token) or an
external token to store the signing certificate and key pair and the SSL signing certificate
and key pair.
If you are using an external token, you will need to install it before you run the Installation
Wizard. In the wizard, you can select from a list of already installed and available tokens.
For example, HSM. For installation instructions, see "External Token" on page 306.
Internal Database
Each subsystem uses an internal database to store information (such as certificates and
certificate requests) used by the subsystem you will be installing in this CS instance. By
default, a separate internal database is created for each subsystem you configure. You can
choose to use the same internal database for more than one subsystem by specifying this
when running the installation wizard to configure that subsystem. You should carefully
consider whether you want to store this information in a separate internal database for each
subsystem or use one internal database for all subsystems installed on the host.
It's recommended that you do not use this Directory Server instance for any other purposes;
the directory schema will be configured for storing CS data.
164
Red Hat Certificate System Administrator's Guide • September 2005