OCSP Configuration

When configuring the system, you can create as many authorities and responders as you like.

To configure the system to use OCSP:

  1. Check the certificate of the certificate authority that issues the certificates you want to check with OCSP into Sterling Integrator, and verify that it is a CA certificate.
  2. List the CA certificates in the system and get the object ID for the certificate you just installed.
  3. If the authority’s OCSP response signing certificate is different from the authority’s certificate-issuing certificate, check the authority’s OCSP response signing certificate into Sterling Integrator as a Trusted certificate.
  4. If you checked in an additional OCSP signing certificate, list the Trusted certificates in the system and get the object ID for the certificate you just installed.
  5. Go to the bin directory of the Sterling Integrator installation.
  6. Start the database if necessary.
  7. Start the bash or sh shell.
  8. Source the file tmp.sh.
  9. Create an authority using the utility in the class com.sterlingcommerce.security.ocsp.SCICertAuthority.
  10. Create an OCSP responder using the utility in the class com.sterlingcommerce.security.ocsp.SCIOCSPResponder.
  11. Update the certificates for the authority or individual certificates to enable OCSP. The utility com.sterlingcommerce.security.ocsp.SetAuthorityCertificatesOCSPInfo will configure all trusted and system certificates for an authority. The utility com.sterlingcommerce.security.ocsp.SetSystemCertificateOCSPInfo will configure one system certificate. The utility com.sterlingcommerce.security.ocsp.SetTrustedCertificateOCSPInfo will configure one trusted certificate.
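
Before steps 1 and 3, the two certificates can be inspected with the openssl command line to confirm which case applies. This is an added example, not part of the Sterling Integrator documentation or tooling: it assumes PEM files and an OpenSSL 1.1.0 or later CLI, the function names are hypothetical, and the issuer and OCSP Signing checks follow the delegated-responder rules of RFC 6960.

```shell
#!/bin/sh
# Added example: openssl pre-checks for steps 1 and 3. Nothing here is a
# Sterling Integrator command; certificate file names are the caller's.

# Step 1: true if the certificate's basicConstraints asserts CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# True if extendedKeyUsage lists OCSP Signing (id-kp-OCSPSigning, RFC 6960).
has_ocsp_signing_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' | grep -q 'OCSP Signing'
}

# SHA-256 fingerprint, used to tell whether two files hold the same certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Step 3: classify_ocsp_signer CA.pem SIGNER.pem
# Prints one verdict; returns 0 only for same-as-ca and delegated-ok.
classify_ocsp_signer() {
    is_ca_cert "$1" || { echo not-a-ca; return 1; }
    if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then
        echo same-as-ca          # CA signs its own responses; steps 3-4 do not apply
        return 0
    fi
    # A delegated signer must be issued by this CA itself...
    openssl verify -no-CApath -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo delegated-wrong-issuer; return 1; }
    # ...and must carry the OCSP Signing extended key usage.
    has_ocsp_signing_eku "$2" || { echo delegated-missing-eku; return 1; }
    echo delegated-ok            # check it in as a Trusted certificate (step 3)
}

# Stand-alone use: sh ocsp_precheck.sh ca.pem ocsp-signer.pem
if [ "$#" -eq 2 ]; then classify_ocsp_signer "$1" "$2"; fi
```

Any verdict other than same-as-ca or delegated-ok means the certificate pair should be corrected with the issuing authority before it is checked in.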