Menu
▾
▴
Re: [Ejbca-develop] How to stand up a standalone EJBCA OCSP Responder (not using the OVA)?
|
From: Tomas G. <to...@pr...> - 2019-06-25 09:33:33
|
An EJBCA installed as a CA can work as a VA as well. You can create OCSP key binding for other CAs. There is documentation for OCSP on database structures and such if you want to manually sync databases (you can work with your VA in many different ways) One feature related to VAs, making it automated, is Peer Systems. This automation is an Enterprise feature however. https://www.ejbca.org/docs/Peer_Systems.html Regards, Tomas --- PrimeKey Tech Days 2019 Stockholm, Sweden 17-18 September www.primekey.com/tech-days On 2019-06-25 11:14, o haya via Ejbca-develop wrote: > Hi, > > It took me the whole weekend plus most of today/tonight, but I was now > able to build EJBCA under JBOSS 7.2. > > Unfortunately, I didn't see your response, so I took the "Install EJBCA > as CA with a Management CA" branch on this page: > > https://www.ejbca.org/docs/Installing_EJBCA.html > > instead of the "Install EJBCA as an RA or VA" branch, so I am going to > have to try again with the VA installation. > > So, to be clear, you think that if I install the EJBCA as VA, that will > allow us to have an OCSP Responder that can support multiple CRLs from > different CAs? > > Is that correct? > > Thanks, > Jim > > > > On Tuesday, June 25, 2019, 8:32:25 AM UTC, Tomas Gustavsson > <to...@pr...> wrote: > > > Hi, > > Yes, a VA is what you a looking for, at least that's what it sounds like. > > Regards, > Tomas > --- > PrimeKey Tech Days 2019 > Stockholm, Sweden > 17-18 September > www.primekey.com/tech-days > > > On 2019-06-21 14:35, o haya via Ejbca-develop wrote: >> [Re-sending to the mailing list because I think I was sending to the >> wrong place... plus I wasn't seeing my post on the archives.] >> >> >> Hi, >> >> Previously, we had worked with the EJBCA OCSP responder by using the >> EJBCA OVA and then configuring an OCSP Responder. >> >> Now, we want to try to stand up a new, standalone EJBCA OCSP Responder. >> >> By "standalone", I mean an OCSP Responder, only without the EJBCA CA >> functionality, where the OCSP Responder can host/support the OCSP >> Responder functionality for CRLs from multiple ("external") CAs. >> >> I've been looking through the EJBCA documentation, but I am not sure how >> to accomplish that? >> >> I have found this page: >> >> https://www.ejbca.org/docs/Installing_EJBCA.html >> >> And I was wondering if the 3rd bullet, "Install EJBCA as an RA or VA", >> is what I need to follow, and setup EJBCA as a VA (Validation Authority?)? >> >> If not, can someone point me to the procedure for standing up such "a >> standalone EJBCA OCSP Responder"? >> >> Thanks, >> Jim > >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... > <mailto:Ejb...@li...> >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
