Step 1. Before You Begin - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual


Step 1. Before You Begin

Before you configure a Certificate Manager (CA) to publish CRLs to an OCSP
responder, do the following:

- If you are unfamiliar with Online Certificate Status Protocol (OCSP), read
  the PKIX draft RFC 2560 available at this site:
  http://www.ietf.org/rfc/rfc2560.txt
- Read section "What's an OCSP-Compliant PKI Setup?" on page 670.
- Check whether you've installed the Online Certificate Status Manager, the
  OCSP responder provided with Certificate Management System. If you
  haven't, first identify a host machine for installing it and then follow the
  installation instructions in Chapter 6, "Installing Certificate Management
  System" to install it. During installation, note the port numbers you assign
  to the Online Certificate Status Manager.
- Check whether you have deployed any OCSP-compliant clients. If you haven't,
  determine whether you want to install Netscape 6x or use the OCSP-compliant
  security plug-in module for Netscape Communicator, Netscape Personal
  Security Manager. For details, see "How to Get OCSP-Compliant Clients?"
- Keep the Netscape Console login information for the Certificate Manager and
  Online Certificate Status Manager handy; you'll need this to verify or make
  changes to their configuration.
- Read section "OCSPPublisher Plug-in Module" in Chapter 6, "Publisher
  Plug-in Modules" of CMS Plug-Ins Guide.
- Read "Publishing of CRLs" on page 590. Determine whether you want the
  Certificate Manager to publish version 1 or version 2 CRLs to the directory.
  If you decide to publish version 2 CRLs, read Chapter 4, "Certificate
  Extension Plug-in Modules" of CMS Plug-Ins Guide and determine the CRL
  extensions you want the Certificate Manager to set; you will be required to
  configure the server to set these extensions.
- Decide whether you want to configure your Online Certificate Status Manager
  to use its default database for CRLs or to use an LDAP directory. If you want
  the Online Certificate Status Manager to use the CRL published to the
  directory, make sure that the Certificate Manager is configured to publish
  CRLs to an LDAP directory. For details, see Chapter 19, "Setting Up LDAP
  Publishing."
- Note the following information for the directory: the host name, the port
  number, and the port type (SSL or non-SSL). The Online Certificate Status
  Manager can communicate with the directory over either an SSL or a non-SSL
  port.

Chapter 21, "Setting Up an OCSP Responder": Setting Up a Remote OCSP Responder (page 689)


This manual is also suitable for:

Certificate management system 6.01
