What’s an OCSP-Compliant PKI Setup?
674
Netscape Certificate Management System Installation and Setup Guide • March 2002
As explained earlier, the Online Certificate Status Manager stores each Certificate
Manager’s CRL in its internal database and uses it as the default CRL store for
verifying certificates. You can also configure the Online Certificate Status Manager
to use the CRL published to an LDAP directory. If you do so, the Online Certificate
Status Manager uses the CRL published to the LDAP directory, instead of the CRL
in its internal database.
For step-by-step instructions to set up an OCSP-compliant PKI setup using the
Online Certificate Status Manager, see “Setting Up a Remote OCSP Responder” on
page 687.
How to Get OCSP-Compliant Clients?
As mentioned in the preceding section, in addition to a CA and an OSCP
responder, you also need OCSP-compliant clients if you want to set up an
OCSP-compliant PKI setup. For this purpose, you can use clients such as Netscape
6 or Netscape Communicator with Netscape Personal Security Manager.
Personal Security Manager is an OCSP-compliant security plug-in module for
Communicator 4.7x versions. The module, in addition to many other features,
enables Communicator to check certificate validity in real time using the OCSP
protocol: it enables the client to read the Authority Information Access extension in
a certificate, locate the OCSP responder specified by the extension, request the
revocation status of the certificate from the OCSP responder, and use the response
to validate the certificate. For a brief introduction to Personal Security Manager, see
“Netscape Personal Security Manager” on page 102.
NOTE
If you’re using Netscape 6 (or later versions) as your client, you
don’t need to install Personal Security Manager; it’s integrated into
Netscape 6 as its default security component. In other words, OCSP
is a built-in feature in Netscape 6. For more information about
Netscape 6, check this site:
http://home.netscape.com/browsers/
Summary of Contents for NETSCAPE MANAGEMENT SYSTEM 6.0
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 0 March 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide March 2002...