Configuring the OCSP Service
Following are main steps to be taken when configuring the ADSS OCSP Service. The order in which the steps are defined is not important since it is easy to go back to an earlier step and also make changes later if required.
||Use the Key Manager module to generate the keys needed for the ADSS OCSP Service to sign the response. At least one OCSP response signing key is required with purpose "OCSP Response Signing".|
|Step 2:||Register all the root and/or intermediate CAs that will be involved in path building/validation in ADSS Trust Manager module.
Note: Registering the intermediate CAs can shorten the path discovery/validation process overheads and time.
||Add relevant trusted CAs in the OCSP Service so that revocation status services for the certificates issued by these CAs can be provided by the OCSP Service.
|Step 4:||Ensure the ADSS CRL Monitor is running and the CRLs are being retrieved successfully for the registered CAs or Import the CRLs for the trusted CAs in CRL Monitor module, to determine the revocation status if you wish to use the locally held CRLs for revocation checking.
||Use the ADSS OCSP Service Manager to start/stop/restart the service. ADSS OCSP Service is required to be restarted when an OCSP Validation Policy is added/updated/delete.