Table of Contents
Advertisement
Click OK.
6.
You're returned to the Revocation Store Info Management tab
Click Refresh.
7.
Testing Your OCSP Setup
To test whether the Certificate Manager can service OCSP requests properly,
follow these steps:
Turn On Revocation Checking in your browser or client.
1.
Request a certificate from the CA that has been enabled for OCSP services.
2.
Approve the request.
3.
Download the certificate to the browser or client.
4.
Make sure the CA is trusted by the browser or client.
5.
Check the Status of Certificate Manager's OCSP Service (internal OCSP
6.
service).
Go to the agent services interface for the Certificate Manager and then go to the
OCSP Services page.
The Certificate Manager's Agent services interface contains a form that enables
you to check the Certificate Manager's OCSP-service status, such as how many
request its received and so on. Click OCSP Services in the left frame in the
agent services interface.
includeNextUpdate. The Online Certificate Status Manager can include
the time stamp of next CRL update—a future update time for the CRL or
the revocation information—in the OCSP response that it sends to
OCSP-compliant clients. (According to the OCSP protocol, it is optional to
include the time stamp of next CRL update in an OCSP response.) Select
this option if you want the OCSP response to contain information about
the next CRL update. Leave the option deselected if you don't want the
OCSP response to contain this information.
Testing Your OCSP Setup
Chapter 5
OCSP Responder
195
Advertisement
Table of Contents
