Table of Contents
Advertisement
Deployment Scenarios
Online Certificate Status Manager
The Online Certificate Status Manager is an optional subsystem of CMS that can act
as a stand-alone OCSP service. The Certificate Manager is configured with an
internal OCSP service. An external OCSP Responder is offered as a separate
subsystem in case you want the OCSP service provided outside a firewall while the
Certificate Manager resides inside a firewall, or to take the load of requests off the
Certificate Manager.
The Online Certificate Status Manager performs the task of an online certificate
validation authority, by enabling OCSP-compliant clients to do real-time
verification of certificates. Note that an online certificate-validation authority is
often referred to as an OCSP responder. The Online Certificate Status Manager can
receive CRLs from multiple Certificate Managers and clients can query the Online
Certificate Status Manager for the revocation status of certificates issued by all
these Certificate Managers.
When an OCSP Responder is set up with a Certificate Manager, and publishing is
set up to the OCSP responder, CRLs are published to it when they are issued or
updated.
Deployment Scenarios
Single Certificate Manager
Some deployments may require only a single Certificate Manager that handles all
end-entity interactions and provides no key archival and recovery capabilities. This
Certificate Manager can use a signing certificate issued by a public certificate
authority or its own self-signed CA signing certificate to sign all the certificates it
issues.
50
Netscape Certificate Management System Administrator's Guide • February 2003
Advertisement
Table of Contents
