Setting Up A Redirect For Certificates Issued In Certificate System 7.1 And Earlier - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Setting up a Redirect for Certificates Issued in Certificate System 7.1 and Earlier

6.11. Setting up a Redirect for Certificates Issued in
Certificate System 7.1 and Earlier
The location for the OCSP user pages, specified in the URL with the file root /ocsp/ee/ocsp/,
is different in Certificate System 7.3 than the location in Certificate System 7.1, which was simply /
ocsp/. In order for certificates issued by a 7.1 CA with the Authority Information Access extension to
be sent to the OCSP, create a redirect to forward the requests to the appropriate URL.
IMPORTANT
Errata RHSA 2008:0566 or later must be applied to your Certificate System installation
before creating the redirect for the OCSP end entities' pages.
NOTE
Setting the redirect is only required to manage certificates issued by a 7.1 CA with the
Authority Information Access extension. If the certificates are issued by a later version
Certificate Manager or do not contain the Authority Information Access extension, then
this configuration is not necessary.
1. Stop the OCSP Responder. For example:
/etc/init.d/rhpki-ocsp stop
2. Open the OCSP's web applications directory. For example:
cd /var/lib/rhpki-ocsp/webapps
3. Open the ROOT/WEB-INF/ directory in the ROOT folder of the OCSP's web applications directory.
For example:
cd /var/lib/rhpki-ocsp/webapps/ROOT/WEB-INF/
4. Create and open the lib/ directory in the ROOT folder of the OCSP's web applications directory.
For example:
mkdir lib
cd lib/
5. Create a symlink that links back to the /usr/share/java/rhpki/cms.jar JAR file. For
example:
ln -s /usr/share/java/rhpki/cms.jar cms.jar
6. Move up to the ROOT/WEB-INF/ directory.
cd ../
169