Configure The Revocation Info Stores - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Configuring the Online Certificate Status Manager
Verify Certificate Manager and Online Certificate Status Manager
Connection
When you restart the Certificate Manager, it tries to connect to the Online Certificate Status
Manager's end-entity SSL port. To verify that the Certificate Manager did indeed
communicate with the Online Certificate Status Manager:
Enter the URL for the Online Certificate Status Manager's Agent interface. The URL
1.
is: h
The Online Certificate Status Manager Agent Services interface appears.
In the left frame, click List Certificate Authorities.
2.
The resulting form should show information about the Certificate Manager (CA) you
configured to publish CRls to the Online Certificate Status Manager. Note the
timestamp:
❍
❍
Configure the Revocation Info Stores
The Online Certificate Status Manager stores each Certificate Manager's CRL in its internal
database and uses it as the default CRL store for verifying the revocation status of
certificates. You can also configure the Online Certificate Status Manager to use the CRL
published to an LDAP directory, instead of the CRL in its internal database. For example, if
you've configured Certificate Managers to publish CRLs to LDAP directories (see Chapter
16, "Publishing"), you can configure the Online Certificate Status Manager to use the CRLs
published to these directories.
To configure the Online Certificate Status Manager to use the CRLs in its internal database
or an LDAP directory for verifying revocation status of certificate:
Log in to the CS window for the Online Certificate Status Manager (see "Logging Into
1.
the CS Console" on page 239).
Select the Configuration tab.
2.
182
Red Hat Certificate System Administrator's Guide • September 2005
ttps://<hostname>:<port>
The This Update and Next Update fields should now be updated with the
appropriate timestamps, indicating that the Certificate Manager did communicate
with the Online Certificate Status Manager.
The Requests Served Since Startup field should show a value of zero (0),
indicating that no OCSP-compliant client has queried the Online Certificate Status
Manager yet for revocation status of a certificate.
.
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR and is the answer not in the manual?