OCSP Configuration
You can create unlimited authorities and responders when you configure the system to use OCSP.
About this task
When configuring the system, you can create as many authorities and responders as you like.
To configure the system to use OCSP:
Procedure
- Check the certificate of the certificate authority that issues the certificates you want to check with OCSP into Sterling B2B Integrator, and verify that it is a CA certificate.
- List the CA certificates in the system and get the object ID for the certificate you just installed.
- If the authority's OCSP response signing certificate is different from the authority's certificate issuing certificate, check the authority's OCSP response signing certificate into Sterling B2B Integrator as a Trusted certificate.
  Note: With 5.2.4.2 and higher, you can check in the root certificate that issued the responder certificate as the CA, instead of checking in the responder certificate as a Trusted Certificate. Because the responder certificate changes frequently, depending on the CA, OCSP can fail until the certificate is replaced with a valid one. As a best practice, always check in a root certificate from now on, because root certificates rarely change. However, both types will continue to be allowed.
- If you checked in an additional OCSP signing certificate, list the CA certificates in the system and get the object ID for the certificate you just installed.
- Go to the bin directory of the Sterling B2B Integrator installation.
- Start the database if necessary.
- Start the bash or sh shell.
- Source the file tmp.sh.
- Create an authority using the utility in the class com.sterlingcommerce.security.ocsp.SCICertAuthority.
- Create an OCSP responder using the utility in the class com.sterlingcommerce.security.ocsp.SCIOCSPResponder.
- Update the certificates for the authority, or individual certificates, to enable OCSP. The utility com.sterlingcommerce.security.ocsp.SetAuthorityCertificatesOCSPInfo configures all trusted and system certificates for an authority. The utility com.sterlingcommerce.security.ocsp.SetSystemCertificateOCSPInfo configures one system certificate. The utility com.sterlingcommerce.security.ocsp.SetTrustedCertificateOCSPInfo configures one trusted certificate.
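The certificate checks behind the first and third steps can be run with the openssl CLI before anything is checked in. This is an added example, not IBM's code or part of the product; the function names and output labels are assumptions made for illustration, and the arguments are PEM files you exported from the CA and its OCSP responder.

```shell
#!/bin/sh
# Added example: openssl pre-checks for the first and third steps of the procedure.
# Function names and output labels are illustrative assumptions; arguments are
# PEM files exported from the CA and its OCSP responder.

# Print the value line that follows a named X.509v3 extension header.
ext_value() {   # $1 = PEM file, $2 = extension name as shown by "openssl x509 -text"
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -A1 "X509v3 $2" | tail -n 1
}

# Succeeds only if the certificate asserts basicConstraints CA:TRUE.
is_ca_cert() {
    ext_value "$1" 'Basic Constraints' | grep -q 'CA:TRUE'
}

# Succeeds only if the certificate carries the OCSP Signing extended key usage.
has_ocsp_signing_eku() {
    ext_value "$1" 'Extended Key Usage' | grep -q 'OCSP Signing'
}

# SHA-256 fingerprint, used to tell whether two files hold the same certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare the issuing CA certificate ($1) with the responder signing certificate ($2).
classify_responder() {
    is_ca_cert "$1" || { echo not-a-ca; return 1; }
    resp_fp=$(fingerprint "$2")
    [ -n "$resp_fp" ] || { echo unreadable-responder; return 1; }
    if [ "$(fingerprint "$1")" = "$resp_fp" ]; then
        echo same-cert            # CA signs its own responses; the third step does not apply
    elif openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 && has_ocsp_signing_eku "$2"; then
        echo different-delegated  # separate cert, issued by this CA with the OCSP Signing EKU
    else
        echo different-other      # separate cert: other issuer, or no OCSP Signing EKU
    fi
}
```

Source the file and run `classify_responder ca.pem responder.pem`; a result of `different-delegated` or `different-other` means the responder signs with a certificate other than the issuing certificate, so the third step's check-in applies.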