Table of Contents
Advertisement
Configuring the Certificate Manager
For detailed information, see Chapter 15, "Publishing."
Configuring OCSP Services
The Certificate Manager contains an internal OCSP responder which is installed by
default. The OCSP responder receives standard OCSP requests via the non-SSL
end-entity port. It checks the status of certificates in the internal database and then
reports back on the status of the certificate.
The Online Certificate Status Manager is a stand-alone subsystem that a Certificate
Manager publishes CRLs to. This subsystem receives standard OCSP requests for
certificate status and checks the CRLs to see if the certificate has been revoked. This
subsystem can be configured with more than one Certificate Manager.
See Chapter 5, "OCSP Responder" for information about both of these services.
Setting Up CRLs
The CRL feature allows you to set up CRLs that are issued on a periodic basis. You
can also define issuing points so that a CRL from that issuing point contains only
the list of revoked certificates associated with that issuing point. You can also
create delta CRLS. When you install, the CRL feature is setup, but the creation of
CRLs is disabled. You need to enable it and configure issuing points to issue CRLs.
For detailed information on setting up CRLs, see Chapter 14, "Revocation and
CRLs."
Setting Up Notifications
The notification feature that allows you to send automated notifications is disabled
after installation. You can set up three types of automatic notifications:
•
Certificate Issuance. An email is sent to the end entity when a certificate is
issued.
•
Certificate Revoked. An email is sent to an end entity when a certificate is
revoked.
•
Request In Queue. An email is sent to agents when a request is received in the
agent services interface request queue.
122
Netscape Certificate Management System Administrator's Guide • February 2003
Advertisement
Table of Contents
