Setting Up The Ocsp Responder - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual


Setting Up the OCSP Responder

27. Configuration Status. This screen should indicate that your configuration has been successful and that you need to create an agent for the Online Certificate Status Manager.

    Click Done to exit the Installation Wizard.

28. You now need to create the first agent user for the Online Certificate Status Manager. See "Agent Certificates," on page 324 for details.

Setting Up the OCSP Responder
In order to properly set up the Online Certificate Status Manager, you must set up the following:

1. Configure every CA that will publish to the OCSP Responder to publish CRLs. See Chapter 15, "Revocation and CRLs" for complete details.

2. Enable publishing and set up a publisher and publishing rule(s) to publish CRLs to the Online Certificate Status Manager in every CA that the OCSP will handle. See Chapter 16, "Publishing" for complete details. (You do not need to do this if the Certificate Manager publishes to an LDAP directory and the Online Certificate Status Manager is set up to read from that LDAP publishing directory.)

3. You must configure your policies or certificate profiles for every CA that will publish to the OCSP Responder to include the Authority Information Access extension pointing to the location at which the Certificate Manager listens for OCSP service requests (identified as the AuthInfoAccessExt instance in the policy framework) in certificates that are issued. This extension is necessary to identify the OCSP service. If you installed the Certificate Manager with the OCSP service on, this extension is created with the correct information for the OCSP service. If you chose not to configure the OCSP service, you will have to create this policy and configure it for this service.

   If you installed the Certificate Manager with its OCSP service feature disabled, a default policy rule (named AuthInfoAccessExt) is created, but it may not have the correct attributes for adding the Authority Information Access extension to certificates. See Chapter 12, "Policies" for details on configuring policies; see "AuthInfoAccessExt," on page 489 for specific information on this policy module.

4. Configure the OCSP Responder. See "Configuring the Online Certificate Status Manager," on page 177. Pay close attention to configuring the following:

   • Configure the Revocation Info stores. See "Configure the Revocation Info Stores," on page 182.

Red Hat Certificate System Administrator's Guide • September 2005
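
To confirm that step 3 took effect, inspect a certificate issued after the change. The following is an added example, not part of the Red Hat manual: it uses the OpenSSL command line to read the OCSP URI from the Authority Information Access extension and compare it with the responder address you expect. The function names, the self-signed sample certificate and the URL http://ocsp.example.test/ocsp are assumptions made for the illustration, and `-addext` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the manual): confirm that an issued certificate's
# Authority Information Access extension names the expected OCSP responder.

# check_ocsp_aia CERT_PEM EXPECTED_URL
#   0 = an OCSP URI in the AIA extension matches EXPECTED_URL
#   1 = OCSP URI(s) present, but none match
#   2 = no OCSP URI in the certificate, or the file cannot be parsed
check_ocsp_aia() {
    uris=$(openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null) || return 2
    [ -n "$uris" ] || return 2
    if printf '%s\n' "$uris" | grep -Fxq -- "$2"; then
        return 0
    fi
    return 1
}

# make_sample_cert OUT_PEM [OCSP_URL]
# Constructed test data: a throwaway self-signed certificate standing in for
# one issued by a CA. The AIA extension is added only when OCSP_URL is given.
make_sample_cert() {
    out=$1
    url=${2:-}
    if [ -n "$url" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" \
            -out "$out" -subj "/CN=aia-sample" -days 1 \
            -addext "authorityInfoAccess=OCSP;URI:$url" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" \
            -out "$out" -subj "/CN=aia-sample" -days 1 2>/dev/null
    fi
}

# Demo. The URL is a placeholder, not an address taken from the manual.
demo() {
    tmp=$(mktemp -d) || return 1
    url="http://ocsp.example.test/ocsp"
    make_sample_cert "$tmp/with-aia.pem" "$url"
    make_sample_cert "$tmp/no-aia.pem"
    for c in with-aia no-aia; do
        rc=0
        check_ocsp_aia "$tmp/$c.pem" "$url" || rc=$?
        echo "$c.pem: check_ocsp_aia returned $rc"
    done
    rm -rf "$tmp"
}
demo
```

A return value of 2 on a newly issued certificate means the policy or profile is not adding the extension; a return value of 1 means the extension is present but points somewhere other than the responder you configured.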
