1. Manuals
  2. Brands
  3. Red Hat Manuals
  4. Software
  5. CERTIFICATE SYSTEM 8 - AGENTS GUIDE
  6. Agents manual

Adding A Crl To The Online Certificate Status Manager - Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE Agents Manual

Using web-based agent services
Hide thumbs
Table of Contents

Advertisement

12. To verify that the certificate is added successfully, click List Certificate Authorities in the left
frame.
The next page shows information about the Certificate Manager that was added.
NOTE
If the deployment contains chained CAs, such as a root CA and then several
subordinate CAs, add each CA certificate separately to the OCSP responder.

8.3. Adding a CRL to the Online Certificate Status Manager

If a situation arises when a Certificate Manager is unable to publish its CRL to the Online Certificate
Status Manager, it is possible to add a CRL manually to the Online Certificate Status Manager internal
database.
To add a CRL to the internal database:
1. Open the Certificate Manager's agent services page.
https://server.example.com:9444/ca/ee/ca
2. Click on Display Revocation List.
3. In the results page, select the desired CRL issuing point, select the option to display the CRL as
base 64 encoded, and click Display.
4. In the CRL details page, scroll to the Certificate revocation list base64 encoded section, which
shows the CRL in base-64 format.
5. Copy the base-64 encoded CRL, including the -----BEGIN CERTIFICATE REVOCATION
LIST----- and -----END CERTIFICATE REVOCATION LIST----- marker lines, to the
clipboard or a text file.
The CRL looks similar to the example:
-----BEGIN CERTIFICATE REVOCATION LIST-----
MIHiMIGNAgEBMA0GCSqGSIb3DQEBBQUAMEsxGDAWBgNVBAoTD0RvbWFpbiBTcG9v
bmJveTEPMA0GA1UECxMGMTAyNnNiMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkXDTA2MTExMzE4MDM0MFoXDTA2MTExMzIyMDM0MFqgDjAMMAoGA1UdFAQD
AgFeMA0GCSqGSIb3DQEBBQUAA0EAlbdl7bPD5yLpBwKkSXeSA1fa8M2TiqNynRS1
B5zDGGAamOBdnKVMEBPEXFsTzk92rjbL0J0KjoMYicTEGO1wKA==
-----END CERTIFICATE REVOCATION LIST-----
6. Open the Online Certificate Status Manager's agent services page.
https://server.example.com:11443/ocsp/agent/ocsp
7. In the left frame, click Add Certificate Revocation List.
8. Paste the encoded CRL inside the Base 64 encoded certificate revocation list (including the
header and footer) text area.
Adding a CRL to the Online Certificate Status Manager
99

Advertisement

Table of Contents
loading

Related Manuals for Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE

Related Content for Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE

This manual is also suitable for:

Certificate system 8.0 - administration

Table of Contents