Setting Up A Certificate Manager With Ocsp Service; Step 1. Before You Begin - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual

Setting Up a Certificate Manager with OCSP
Service
The Certificate Manager has a built-in OCSP service feature that can be used by
OCSP-compliant clients to do real-time verification of certificates issued by the
Certificate Manager. This section explains how to setup an OCSP-compliant PKI
setup using the Certificate Manager's OCSP-service feature.
•

Step 1. Before You Begin

• Step 2. Install OCSP-Compliant Client
• Step 3. Enable Certificate Manager's HTTP Port
• Step 4. Configure Certificate Manager for Extensions
• Step 5. Restart the Certificate Manager
• Step 6. Test Your CA's OCSP Service Setup
Step 1. Before You Begin
Before you start setting up a Certificate Manager to service OCSP requests, do this:
• If you are unfamiliar with Online Certificate Status Protocol (OCSP), read the
PKIX draft RFC 2560 available at this web site:
http://www.ietf.org/rfc/rfc2560.txt
• Read section "What's an OCSP-Compliant PKI Setup?" on page 670. Decide
whether you want to use the OCSP-compliant security plug-in module for
Netscape Communicator, Personal Security Manager; this plug-in enables
Netscape Communicator 4.7x to query the Online Certificate Status Manager
using the OCSP protocol. Netscape 6x has Personal Security Manager built into
it.
• Check whether you've installed the Certificate Manager, a CMS CA. If you
haven't, first identify a host machine for installing it and then follow the
installation instructions in Chapter 6, "Installing Certificate Management
System" to install it. During installation, note the port numbers you assign to
the Certificate Manager.
• Make sure the Certificate Manager is started. Also keep the Netscape Console
login information for the Certificate Manager handy; you'll need this to verify
or make changes to their configuration.

Setting Up a Certificate Manager with OCSP Service

Chapter 21 Setting Up an OCSP Responder 675