OCSP Configuration
When configuring the system, you can create as many authorities and responders as you like.
To configure the system to use OCSP:
- Check the certificate of the certificate authority that issues the certificates you want to check with OCSP into Sterling Integrator, and verify that it is a CA certificate.
- List the CA certificates in the system and get the object ID for the certificate you just installed.
- If the authority’s OCSP response signing certificate is different from the authority’s certificate-issuing certificate, check the authority’s OCSP response signing certificate into Sterling Integrator as a Trusted certificate.
- If you checked in an additional OCSP signing certificate, list the Trusted certificates in the system and get the object ID for the certificate you just installed.
- Go to the bin directory of the Sterling Integrator installation.
- Start the database if necessary.
- Start the bash or sh shell.
- Source the file tmp.sh.
- Create an authority using the utility in the class com.sterlingcommerce.security.ocsp.SCICertAuthority.
- Create an OCSP responder using the utility in the class com.sterlingcommerce.security.ocsp.SCIOCSPResponder.
- Update the certificates for the authority or individual certificates to enable OCSP. The utility com.sterlingcommerce.security.ocsp.SetAuthorityCertificatesOCSPInfo will configure all trusted and system certificates for an authority. The utility com.sterlingcommerce.security.ocsp.SetSystemCertificateOCSPInfo will configure one system certificate. The utility com.sterlingcommerce.security.ocsp.SetTrustedCertificateOCSPInfo will configure one trusted certificate.
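The first and third steps depend on two facts about the certificate files: that the issuer really is a CA certificate, and whether OCSP responses are signed by a different certificate. The following is an added example, not part of the Sterling Integrator documentation or tooling, that checks both with the openssl command line (OpenSSL 1.1.1 or later assumed). It also flags a separate signer that lacks the OCSP Signing extended key usage that RFC 6960 requires of CA-delegated responders. All function and file names are assumptions made for the example.

```shell
# Pre-checks with the openssl CLI (1.1.1+ for -ext). Function names are
# assumptions for this example, not Sterling Integrator utilities.

# True when basicConstraints marks the certificate as a CA.
is_ca_cert() {
    openssl x509 -in "$1" -noout -ext basicConstraints 2>/dev/null | grep -q 'CA:TRUE'
}
# True when the certificate carries the OCSP Signing extended key usage.
has_ocsp_signing_eku() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null | grep -q 'OCSP Signing'
}
# True when both files hold the same certificate (SHA-256 fingerprints match).
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ "$a" = "$b" ]
}
# Usage: ocsp_checkin_plan issuer.pem ocsp_signer.pem
# Prints which certificates need to be checked in, or why to stop and review.
ocsp_checkin_plan() {
    ca=$1; signer=$2
    is_ca_cert "$ca" || { echo "review: issuer is not a CA certificate"; return 1; }
    if same_cert "$ca" "$signer"; then
        echo "ca-only"        # the CA signs its own OCSP responses
    elif has_ocsp_signing_eku "$signer"; then
        echo "ca+trusted"     # separate signer: also check it in as Trusted
    else
        echo "review: signer lacks the OCSP Signing extended key usage"; return 1
    fi
}
# Constructed sample data: two throwaway self-signed certificates in directory $1.
make_samples() {
    d=$1
    cat > "$d/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Sample
[ca_ext]
basicConstraints = critical,CA:TRUE
[ocsp_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = OCSPSigning
EOF
    for n in ca ocsp; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" \
            -extensions "${n}_ext" -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
    done
}
```

A result of `ca+trusted` corresponds to the case in which the additional OCSP signing certificate must be checked in as a Trusted certificate; `ca-only` means only the CA certificate is needed.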