Table of Contents
Advertisement
Setting Up the OCSP Responder
Configuration Status. This screen should indicate that your configuration has
27.
been successful and that you need to create an agent for the Online Certificate
Status Manager.
Click Done to exit the Installation Wizard.
You now need to create the first agent user for the Online Certificate Status
28.
Manager. See "Agent Certificates," on page 337 for details.
Setting Up the OCSP Responder
In order to properly set up the Online Certificate Status Manager, you must set up
the following:
Configure every CA that will publish to the OCSP Responder to Publish CRLs.
1.
See Chapter 14, "Revocation and CRLs" for complete details.
Enable Publishing and set up a publisher and a publishing rule(s) to publish
2.
CRLs to the Online Certificate Status Manager in every CA that the OCSP will
handle. See Chapter 15, "Publishing" for complete details. (You do not need to
do this if the Certificate Manager publishes to an LDAP directory and the
Online Certificated Status Manager is set up to read from that LDAP
publishing directory.)
You must configure your policies or certificate profiles for every CA that will
3.
publish to the OCSP Responder to include the Authority Information Access
extension pointing to the location at which the Certificate Manager listens for
OCSP service requests (identified as the
policy framework.) in certificates that are issued. This extension is necessary to
identify the OSCP service. If you installed the Certificate Manager with the
OSCP service on, this extension is created with the correct information for the
OSCP service. If you chose not to configure the OSCP service, you will have to
create this policy and configure it for this service.
If you installed the Certificate Manager's with its OCSP service feature
disabled, a default policy rule (named
may not have the correct attributes for adding the Authority Information
Access extension to certificates.
See Chapter 11, "Policies" for details on configuring policies, see
"AuthInfoAccessExt," on page 510 for specific information on this policy
module.
Configure the OCSP Responder. See "Configuring the Online Certificate Status
4.
Manager," on page 189. Pay close attention to configuring the following:
188
Netscape Certificate Management System Administrator's Guide • February 2003
AuthInfoAccessExt
) is created, but it
AuthInfoAccessExt
instance in the
Advertisement
Table of Contents
