Recognizing Online Certificate Status Manager Certificates; Configuring The Online Certificate Status Manager - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual


Chapter 6. Online Certificate Status Protocol Responder
The Online Certificate Status Manager uses a single server certificate for authentication purposes.
Additional server certificates can be installed and used for different purposes. For instructions, see
Section 11.5, "Configuring the Server Certificate Use Preferences".

6.3.3. Recognizing Online Certificate Status Manager Certificates

Depending on the CA which signed the Online Certificate Status Manager's SSL server certificate, it
may be necessary to get the certificate and issuing CA recognized by the Certificate Manager.
• If the Online Certificate Status Manager's server certificate is signed by the CA that is publishing
CRLs, then nothing needs to be done.
• If the Online Certificate Status Manager's server certificate is signed by the same root CA that
signed the subordinate Certificate Manager's certificates, then the root CA must be marked as a
trusted CA in the subordinate Certificate Manager's certificate database.
• If the Online Certificate Status Manager's SSL server certificate is signed by a different root CA,
then the root CA certificate must be imported into the subordinate Certificate Manager's certificate
database and marked as a trusted CA.
If the Online Certificate Status Manager's server certificate is signed by a CA within the selected
security domain, the certificate chain is imported and marked when the Online Certificate Status
Manager is configured. No other configuration is required. However, if the server certificate is signed
by an external CA, the certificate chain has to be imported for the configuration to be completed.
NOTE
Not every CA within the security domain is automatically trusted by the OCSP Manager
when it is configured. Every CA in the certificate chain of the CA configured in the CA
panel is, however, trusted automatically by the OCSP Manager. Other CAs within the
security domain but not in the certificate chain must be added manually.
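
The three cases in this section can be expressed as a check over issuer chains. The sketch below is an added example, not code from Certificate System: the `Cert` type, the function names, the action labels and the sample DNs are all constructed for illustration. It matches certificates by DN only, and it generalizes the second case from "signed directly by the root" to "chains up to the same root".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # subject DN
    issuer: str   # issuer DN; equals subject for a self-signed root

def find_root(cert, pool):
    """Follow issuer DNs through pool (subject DN -> Cert) up to the self-signed root."""
    visited = set()
    while cert.subject != cert.issuer:
        if cert.subject in visited:
            raise ValueError("issuer loop at " + cert.subject)
        visited.add(cert.subject)
        if cert.issuer not in pool:
            raise ValueError("issuer certificate missing: " + cert.issuer)
        cert = pool[cert.issuer]
    return cert

def required_action(ocsp_cert, publishing_ca, pool):
    """Return what the Certificate Manager's certificate database needs (labels are hypothetical).

    publishing_ca is the Certificate Manager that publishes CRLs to the OCSP Manager.
    Name matching only: a real check must also verify signatures and validity.
    """
    if ocsp_cert.issuer == publishing_ca.subject:
        return "none"                           # case 1: signed by the publishing CA
    ocsp_root = find_root(ocsp_cert, pool)
    if ocsp_root == find_root(publishing_ca, pool):
        return "mark-root-trusted"              # case 2: same root CA
    return "import-root-and-mark-trusted"       # case 3: different root CA

# Constructed sample hierarchy (not real certificates).
ROOT_A = Cert("CN=Root A,O=Example", "CN=Root A,O=Example")
ROOT_B = Cert("CN=Root B,O=Other", "CN=Root B,O=Other")
SUB_CA = Cert("CN=Subordinate Certificate Manager,O=Example", ROOT_A.subject)
POOL = {c.subject: c for c in (ROOT_A, ROOT_B, SUB_CA)}

OCSP_BY_SUB = Cert("CN=ocsp.example.com", SUB_CA.subject)
OCSP_BY_ROOT_A = Cert("CN=ocsp.example.com", ROOT_A.subject)
OCSP_BY_ROOT_B = Cert("CN=ocsp.example.com", ROOT_B.subject)
OCSP_ORPHAN = Cert("CN=ocsp.example.com", "CN=Unknown CA")

if __name__ == "__main__":
    for cert in (OCSP_BY_SUB, OCSP_BY_ROOT_A, OCSP_BY_ROOT_B):
        print(cert.issuer, "->", required_action(cert, SUB_CA, POOL))
```

An OCSP certificate whose issuer is not in the pool raises `ValueError`, which corresponds to a chain that has to be obtained before the trust decision can be made.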

6.4. Configuring the Online Certificate Status Manager

After the installation and basic configuration of the Online Certificate Status Manager subsystem,
further configuration of features such as logging and certificate contents can be made through
the Certificate System administrative console. This console allows user and group management,
authorization settings, internal LDAP database information, self-tests, and other administrative tasks.
General subsystem configuration is outlined in Table 6.1, "General Subsystem Configuration Links".

| Configuration | Section |
|---|---|
| Adding additional Online Certificate Status Manager instances. | Section 2.7, "Creating Additional Subsystem Instances" |
| General configuration and management such as changing port numbers, setting up logging, running self-tests, and managing the internal database. | Chapter 3, Administrative Basics |
| Adding and deleting users, agents, and administrators. | Section 17.2, "Creating Users" |
