Chapter 6. Cloning Subsystems
ca.crl.IssuingPointId.enableCRLUpdates=true
g. Disable the redirect settings for CRL generation requests:
master.ca.agent.host=hostname
master.ca.agent.port=port number
7. Start the new master CA server.
service subsystem_name start
6.6.2. Converting OCSP Clones
1. Stop the OCSP master, if it is still running.
2. Open the existing master OCSP configuration directory.
cd /etc/subsystem_name
3. Edit the CS.cfg file, and reset the OCSP.Responder.store.defStore.refreshInSec
parameter to 21600:
OCSP.Responder.store.defStore.refreshInSec=21600
4. Stop the online cloned OCSP server.
service subsystem_name stop
5. Open the cloned OCSP responder's configuration directory.
cd /etc/subsystem_name
6. Open the CS.cfg file, and delete the OCSP.Responder.store.defStore.refreshInSec
parameter or change its value to any non-zero number:
OCSP.Responder.store.defStore.refreshInSec=15000
7. Start the new master OCSP responder server.
service subsystem_name start
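The CS.cfg edits in steps 3 and 6 can be scripted so that the parameter is changed in exactly one place and the previous file is kept. The following is an added example, not part of the original guide; it assumes CS.cfg is a flat key=value file, and the helper names (cfg_get, cfg_set, cfg_del) and the sample files are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example: edit one key=value parameter in a CS.cfg while the subsystem is stopped.
# Keys are matched as literal prefixes, so the dots in the name are not regex wildcards.
KEY='OCSP.Responder.store.defStore.refreshInSec'

# Print the value of key $2 in file $1 (prints nothing if the key is absent).
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

# Set key $2 to value $3 in file $1: replace it if present, append it otherwise.
# The original is kept as "$1.bak"; writing back with > keeps the file's owner and mode.
cfg_set() {
    cp -p "$1" "$1.bak" || return 1
    awk -v k="$2" -v v="$3" '
        index($0, k "=") == 1 { if (!seen) print k "=" v; seen = 1; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$1.bak" > "$1"
}

# Delete key $2 from file $1, keeping the original as "$1.bak".
cfg_del() {
    cp -p "$1" "$1.bak" || return 1
    awk -v k="$2" 'index($0, k "=") != 1 { print }' "$1.bak" > "$1"
}

# Constructed sample files standing in for the two CS.cfg files; starting values are arbitrary.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'example.unrelated.param=1' > "$d/old-master.cfg"
    printf '%s\n' 'example.unrelated.param=1' "$KEY=99" > "$d/clone.cfg"
    cfg_set "$d/old-master.cfg" "$KEY" 21600   # step 3
    cfg_set "$d/clone.cfg" "$KEY" 15000        # step 6 (alternative: cfg_del)
    echo "old master CS.cfg: $(cfg_get "$d/old-master.cfg" "$KEY")"
    echo "clone CS.cfg:      $(cfg_get "$d/clone.cfg" "$KEY")"
    rm -rf "$d"
}
demo
```

On a real instance, run the helpers against the CS.cfg in /etc/subsystem_name only between the stop and start steps of the procedure.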
6.7. Updating CA Clones
When a CA is cloned, any configuration in its CS.cfg is also copied to the clone CA. This includes
any DRMs which are configured for the CA to use for key archival. However, if a DRM is configured
for a master CA after a clone is created, then the new DRM configuration must be copied over to the
clone CAs manually.