Run an OCSP Script

Use the following example to learn how to run the OCSP configuration scripts. These scripts assume that you have already checked in the CA certificates for the authority, started the database, changed to the bin directory of your Sterling B2B Integrator installation, and sourced the file tmp.sh in that directory.

After getting the object ID of the CA certificate from the authority, in Sterling B2B Integrator from the Administration menu, select Trading Partners > Digital Certificates-CA. Select a certificate. The Certificate Summary dialog box appears with the certificate information, including its object ID.

Complete the following steps to run an OCSP Script:

  1. Run a command similar to the following to create an authority in the system:
    ./ManageCertAuthority.sh -a VPCA admin SHA1 \
      "sedna:a1807c:11dc6d53ba4:-7b4b" "always,end-user" "none"
  2. After creating an authority, and creating a profile for communicating with an OCSP responder, run a command similar to the following to create an OCSP responder in the system:
    ./ManageOCSPResponder.sh -a VPCA admin SHA1 \
      "sedna:a1807c:11dc6d53ba4:-7b4b" "2400" "a1807c:11dc79aacbd:-7570" \
      HTTPClientSend 3600
  3. Run a command similar to the following to list all of the authorities in the system:
    ./ManageCertAuthority.sh -l

    The output for each authority looks similar to the following:

    CERT_AUTHORITY: 
    OBJECT_ID: sedna:1ded0fd:11dc9d22929:-7fbd
    NAME: VPCA
    CREATE_DATE: 2008-11-23
    MODIFIED_DATE: 2008-11-23
    MODIFIED_BY: null
    ISSUER_NAME: Country=US, StateOrProvince=Dublin, 
    OrganizationUnit=GIS Development,
    Organization=Sterling, 
    CommonName=Test CA
    HASH_ALG: SHA1
    RDN_HASH: 24E63F8AE9F51497529EA0CC34467A4680737A9F
    ENCODED_RDN_HASH: JOY/iun1FJdSnqDMNEZ6RoBzep8=
    KEY_HASH: C96F2FF442EBFA07672DCEC49B729D4D24898313
    ENCODED_KEY_HASH: yW8v9ELr+gdnLc7Em3KdTSSJgxM=
    CERT_OID: sedna:a1807c:11dc6d53ba4:-7b4b
    OCSP_WHEN_POLICY: always
    OCSP_WHAT_POLICY: end-user
    CRL_POLICY: null
  4. Use a command similar to the following to enable OCSP for all trusted and system certificates issued by the authority:
    ./SetAuthorityCertsOCSPInfo.sh -o \
      "sedna:1ded0fd:11dc9d22929:-7fbd" yes