This chapter provides an overview of an Online Certificate Status Protocol (OCSP)
service, and explains how you can use the OCSP service built into the Certificate
Manager for real-time verification of certificates issued by the Certificate Manager.
The chapter also explains how to install and configure an Online Certificate Status
Managers to publish CRLs.
This chapter contains the following sections:
•
About OCSP Services
•
CMS OCSP Services
•
Setting Up a Certificate Manager with OCSP Service
•
Online Certificate Status Manager Deployment Considerations
•
Installing an Online Certificate Status Manager
•
Setting Up the OCSP Responder
•
Configuring the Online Certificate Status Manager
•
Testing Your OCSP Setup
About OCSP Services
CMS supports the Online Certificate Status Protocol (OCSP) as defined in the PKIX
standard RFC 2560 (see
protocol enables OCSP-compliant applications to determine the state of a
certificate, including the revocation status, without having to directly check a CRL
published by a CA to the validation authority. The validation authority, which is
also called an OCSP responder, does the checking for the application.
OCSP Responder
http://www.ietf.org/rfc/rfc2560.txt
Chapter 5
). The OCSP
167