Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 688

Hide thumbs Also See for NETSCAPE MANAGEMENT SYSTEM 6.01:
Table of Contents

Advertisement

Setting Up a Remote OCSP Responder
The procedure for setting up a Certificate Manager functioning as a subordinate
CA to publish CRLs to a remote Online Certificate Status Manager would be the
same, except that you would have to perform extra steps to make sure the that CA
chain verification takes place smoothly. For example:
If the Online Certificate Status Manager's SSL server certificate is signed by the
same root CA that signed the subordinate Certificate Manager's certificates,
then you need to mark the root CA as a trusted CA in the subordinate
Certificate Manager's certificate database.
If the Online Certificate Status Manager's SSL server certificate is signed by a
different root CA, then you need to import the root CA certificate into the
subordinate Certificate Manager's certificate database and mark it as a trusted
CA.
To import a CA certificate into the certificate database of a subordinate Certificate
Manager, you can use the Certificate Setup Wizard. For instructions, see "Using the
Wizard to Install a Certificate or Certificate Chain" on page 452. After you install
the certificate, you can follow the instructions in see "Changing the Trust Settings
of a CA Certificate" on page 485 to trust the CA certificate you imported.
Step 1. Before You Begin
Step 2. Install an OCSP-Compliant Client
Step 3. Identify the CA to the OCSP Responder
Step 4. Configure the Certificate Manager to Publish CRLs
Step 5. Configure Certificate Manager for Required Extension Policies
Step 6. Configure the Online Certificate Status Manager
Step 7. Restart the Certificate Manager
Step 8. Restart the Online Certificate Status Manager
Step 9. Verify Certificate Manager and Online Certificate Status Manager
Connection
Step 10. Test Your OCSP Responder Setup
Note that the Online Certificate Status Manager can be configured to receive CRLs
from more than one Certificate Manager. If your deployment has many CAs and
you want all of them to publish CRLs to the same Online Certificate Status
Manager, you should repeat the above steps for each Certificate Manager.
688
Netscape Certificate Management System Installation and Setup Guide • May 2002

Advertisement

Table of Contents
loading

This manual is also suitable for:

Certificate management system 6.01

Table of Contents