From: Hans W. <hw...@a-...> - 2012-08-22 22:20:47
Hi all,
One of our innovation-managers keeps on haunting me with the subject...
He asked me to demonstrate a stand-alone ocsp-responder.
Point is, the corresponding CA isn't an ejbca entity.
From the documentation (correct me if I'm mistaken) there seem to be
two paths.
1) Directly populate the database of the ocsp-machine.
It seems I need somehow to get hold of:
issuerDN
serialNumber
status
revocationDate
revocationReason
certificateProfileId
2) Install an ejbca-Validation Authority, and have that feeding the
ocsp-responders.
Second option looks more scalable/flexible/robust, but the question
remains how to feed the V.A.
All I know so far is that I can do a wget for a fresh CRL every hour.
And probably it is from a Microsoft machine (so no chance of doing
something intelligent there ;-)
Any suggestions?
Hans