Run an OCSP Script
Use the following example to learn how to run the OCSP configuration scripts. The scripts assume that you have already checked in the CA certificates for the authority, started the database, changed to the bin directory of your Sterling B2B Integrator installation, and sourced the file tmp.sh in that directory.
After getting the object ID of the CA certificate from the authority, in Sterling B2B Integrator from the Administration menu, select Trading Partners > Digital Certificates-CA. Select a certificate. The Certificate Summary dialog box appears with the certificate information, including its object ID.
Complete the following steps to run an OCSP Script:
- Run a command similar to the following to create an authority in the system:
./ManageCertAuthority.sh -a VPCA admin SHA1 "sedna:a1807c:11dc6d53ba4:-7b4b" "always,end-user" "none"
- After creating an authority, and creating a profile for communicating with an OCSP responder, run a command similar to the following to create an OCSP responder in the system:
./ManageOCSPResponder.sh -a VPCA admin SHA1 "sedna:a1807c:11dc6d53ba4:-7b4b" "2400" "a1807c:11dc79aacbd:-7570" HTTPClientSend 3600
- Run a command similar to the following to list all of the authorities in the system:
Return output for each authority displays:
CERT_AUTHORITY:
OBJECT_ID: sedna:1ded0fd:11dc9d22929:-7fbd
NAME: VPCA
CREATE_DATE: 2008-11-23
MODIFIED_DATE: 2008-11-23
MODIFIED_BY: null
ISSUER_NAME: Country=US, StateOrProvince=Dublin, OrganizationUnit=GIS Development, Organization=Sterling, CommonName=Test CA
HASH_ALG: SHA1
RDN_HASH: 24E63F8AE9F51497529EA0CC34467A4680737A9F
ENCODED_RDN_HASH: JOY/iun1FJdSnqDMNEZ6RoBzep8=
KEY_HASH: C96F2FF442EBFA07672DCEC49B729D4D24898313
ENCODED_KEY_HASH: yW8v9ELr+gdnLc7Em3KdTSSJgxM=
CERT_OID: sedna:a1807c:11dc6d53ba4:-7b4b
OCSP_WHEN_POLICY: always
OCSP_WHAT_POLICY: end-user
CRL_POLICY: null
- Use a command similar to the following to enable OCSP for all trusted and system certificates issued by the authority:
./SetAuthorityCertsOCSPInfo.sh -o "sedna:1ded0fd:11dc9d22929:-7fbd" yes
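
The last step takes the authority's OBJECT_ID from the listing, not the CERT_OID of the CA certificate that the first two commands use. The following Python sketch is an added example, not part of the product or of the original page: it parses the listing shown above, checks that each ENCODED_* value is the Base64 form of its hex hash, and returns the authority OBJECT_ID to pass to SetAuthorityCertsOCSPInfo.sh. The function names are hypothetical, and the parser assumes the `KEY: value` field names seen in the sample output.

```python
import base64
import re
# Field names exactly as they appear in the authority listing on this page.
FIELDS = ("OBJECT_ID NAME CREATE_DATE MODIFIED_DATE MODIFIED_BY ISSUER_NAME "
          "HASH_ALG RDN_HASH ENCODED_RDN_HASH KEY_HASH ENCODED_KEY_HASH "
          "CERT_OID OCSP_WHEN_POLICY OCSP_WHAT_POLICY CRL_POLICY").split()
KEY_RE = re.compile(r"(?<![A-Z_])(" + "|".join(FIELDS) + r"):")  # never matches mid-name

def parse_authorities(text):
    """Split listing output into one dict per CERT_AUTHORITY record."""
    records = []
    for chunk in text.split("CERT_AUTHORITY:")[1:]:
        hits = list(KEY_RE.finditer(chunk))
        rec = {}
        for cur, nxt in zip(hits, hits[1:] + [None]):
            end = nxt.start() if nxt else len(chunk)
            rec[cur.group(1)] = chunk[cur.end():end].strip()
        records.append(rec)
    return records

def hash_problems(rec):
    """Report any ENCODED_* value that is not the Base64 form of its hex hash."""
    problems = []
    for name in ("RDN_HASH", "KEY_HASH"):
        raw = bytes.fromhex(rec[name])
        if base64.b64encode(raw).decode() != rec["ENCODED_" + name]:
            problems.append("ENCODED_" + name + " does not match " + name)
    return problems

def authority_object_id(records, name):
    """Return the authority OBJECT_ID (not CERT_OID) for exactly one NAME."""
    ids = [r["OBJECT_ID"] for r in records if r.get("NAME") == name]
    if len(ids) != 1:
        raise LookupError("expected one authority named %r, found %d" % (name, len(ids)))
    return ids[0]

# Sample input: the listing from this page, values copied verbatim.
SAMPLE = ("CERT_AUTHORITY: OBJECT_ID: sedna:1ded0fd:11dc9d22929:-7fbd NAME: VPCA "
          "CREATE_DATE: 2008-11-23 MODIFIED_DATE: 2008-11-23 MODIFIED_BY: null "
          "ISSUER_NAME: Country=US, StateOrProvince=Dublin, OrganizationUnit=GIS Development, "
          "Organization=Sterling, CommonName=Test CA HASH_ALG: SHA1 "
          "RDN_HASH: 24E63F8AE9F51497529EA0CC34467A4680737A9F ENCODED_RDN_HASH: JOY/iun1FJdSnqDMNEZ6RoBzep8= "
          "KEY_HASH: C96F2FF442EBFA07672DCEC49B729D4D24898313 ENCODED_KEY_HASH: yW8v9ELr+gdnLc7Em3KdTSSJgxM= "
          "CERT_OID: sedna:a1807c:11dc6d53ba4:-7b4b OCSP_WHEN_POLICY: always OCSP_WHAT_POLICY: end-user CRL_POLICY: null")

if __name__ == "__main__":
    recs = parse_authorities(SAMPLE)
    if not hash_problems(recs[0]):
        print('./SetAuthorityCertsOCSPInfo.sh -o "%s" yes' % authority_object_id(recs, "VPCA"))
```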