Step 5. Configure Certificate Manager For Extensions - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Hide thumbs Also See for NETSCAPE MANAGEMENT SYSTEM 4.5:
Table of Contents

Advertisement

Setting Up a Certificate Manager with OCSP Service
Step 5. Configure Certificate Manager for
Extensions
In order for OCSP-compliant clients to query the Certificate Manager about the
revocation status of a certificate, the certificate being validated must contain the
Authority Information Access extension pointing to the location at which the
Certificate Manager listens for OCSP service requests. For details about the
Authority Information Access extension, see section "AuthInfoAccessExt Plug-in
Module" of CMS Plug-ins Guide.
The Certificate Manager can add an extension to a certificate it issues only if the
corresponding policy is enabled and configured properly. Hence, before issuing
the OCSP-compliant client certificate, you must verify that the Certificate Manager
is configured with the appropriate policy rules to add the required extensions to
these certificates.
During the installation of a Certificate Manager, if you chose to enable its
OCSP service, a default policy rule (named
with correct attributes for adding the Authority Information Access extension
to certificates the Certificate Manager will issue following installation. If you
didn't make any changes to the policy configuration of the Certificate
Manager, you probably don't need to do anything.
If you installed the Certificate Manager's with its OCSP service feature
disabled, a default policy rule (named
may not have the correct attributes for adding the Authority Information
Access extension to certificates.
In either case, it's advisable that you check the status of the said policy rule, and
update it if required. Also, for testing whether your OCSP-compliant clients can
verify revocation status of certificates by querying the OCSP responder, you will be
issuing a client certificate containing the Authority Information Access extension to
Personal Security Manager you installed.
700
Netscape Certificate Management System Installation and Setup Guide • October 2001
AuthInfoAccessExt
) is created, but it
AuthInfoAccessExt
) is created

Advertisement

Table of Contents
loading

Table of Contents