Preparing To Clone The Online Certificate Status Manager - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual


Preparing to Clone the Online Certificate Status Manager
Before you can create a clone of the Online Certificate Status Manager, you must make sure
that the instance you are cloning has been properly installed and configured, since some of
that configuration data is copied over to the new instance. In particular, you must verify the
following aspects of the master Online Certificate Status Manager that you want to clone:
1. Make sure that you have gone through the installation wizard and properly configured
   the first Online Certificate Status Manager. See "Configuring the Online Certificate
   Status Manager" on page 177.
2. After finishing the configuration of this master instance, make sure the instance is up
   and running.
3. Make sure that you have already installed the agent certificate for the master Online
   Certificate Status Manager. See "Agent Certificates" on page 324 for more information
   about agent certificates.
4. Also consider the following:
   - OCSP's signing key and certificate—You must use the master Online Certificate
     Status Manager's signing key and certificate. If you do not use the master Online
     Certificate Status Manager's key and certificate databases, the cloned Online
     Certificate Status Manager will need to generate a new signing key and certificate;
     consequently, it will not be a clone.
   - OCSP's SSL server key and certificate—This depends on the way in which you
     have deployed the clone environment. If you are using a load balancer, regardless
     of whether or not the host machines are different, you do not need to generate a
     new SSL server certificate for the cloned Online Certificate Status Manager, since
     the SSL server certificate DN should contain the hostname of the load balancer as
     the common name (CN) attribute. If the cloned Online Certificate Status Manager
     uses the same hostname as that of the master Online Certificate Status Manager
     and you are not using a load balancer, you can use the same SSL server certificate
     and key copied from the master. If you are not using a load balancer and your
     master and cloned Online Certificate Status Managers exist on separate machines
     (e.g., a proprietary configuration which expects usernames [A-M] using one
     machine and usernames [N-Z] using the other machine), then the SSL server
     certificate DNs should contain the hostname of their resident machines with their
     own unique keys obtained by using the renewal process (this scenario requires
     advanced manual configuration and therefore is not recommended).

For more detailed information about setting up the master Online Certificate Status
Manager, see "Configuring the Online Certificate Status Manager" on page 177.
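
The signing-certificate and SSL server certificate conditions above can be checked mechanically once both instances are configured. The following Python check is an added example, not part of the Red Hat manual or of Certificate System; the function names, dictionary keys, hostnames, DNs and placeholder certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import re
import ssl


def fingerprint(pem):
    """SHA-256 over the DER bytes of a PEM-encoded certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def common_name(subject_dn):
    """Return the lower-cased CN of a DN string like 'CN=host,O=Example'."""
    for rdn in re.split(r"(?<!\\),", subject_dn):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().upper() == "CN":
            return value.strip().lower()
    raise ValueError("no CN in subject DN: " + subject_dn)


def check_clone(master, clone, load_balancer=None):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    # Signing certificate: the clone must present the master's, byte for byte.
    if fingerprint(master["signing_pem"]) != fingerprint(clone["signing_pem"]):
        findings.append("signing certificate differs: not a clone")
    # SSL server certificate: CN is the load balancer's name if one is used,
    # otherwise the hostname of the machine the instance runs on.
    for name, inst in (("master", master), ("clone", clone)):
        expected = (load_balancer or inst["host"]).lower()
        if common_name(inst["ssl_subject"]) != expected:
            findings.append(f"{name} SSL CN is not {expected}")
    # Separate machines without a load balancer need their own unique SSL keys.
    separate = not load_balancer and master["host"].lower() != clone["host"].lower()
    if separate and fingerprint(master["ssl_pem"]) == fingerprint(clone["ssl_pem"]):
        findings.append("separate hosts share one SSL server certificate")
    return findings


# Constructed sample data: placeholder bytes stand in for real certificates,
# and every hostname, key name and DN below is an assumption.
SIGNING = ssl.DER_cert_to_PEM_cert(b"constructed-ocsp-signing-cert")
SSL_CERT = ssl.DER_cert_to_PEM_cert(b"constructed-ssl-server-cert")
MASTER = {"host": "ocsp1.example.com", "signing_pem": SIGNING,
          "ssl_pem": SSL_CERT, "ssl_subject": "CN=ocsp.example.com,O=Example"}
CLONE = dict(MASTER, host="ocsp2.example.com")

if __name__ == "__main__":
    print(check_clone(MASTER, CLONE, load_balancer="ocsp.example.com"))
    print(check_clone(MASTER, CLONE))
```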
Chapter 17, Configuring CS for High Availability: Cloning the Online Certificate Status Manager (page 663)
