Run an OCSP Script

The following example shows how to run the OCSP configuration scripts. The scripts assume that you already checked in the CA certificates for the authority, started the database, are in the bin directory of your Sterling B2B Integrator installation, and sourced the file tmp.sh in the bin directory.

About this task

After getting the object ID of the CA certificate from the authority, in Sterling B2B Integrator from the Administration Menu, select Trading Partners > Digital Certificates-CA. Select a certificate. The Certificate Summary dialog box appears with the certificate information, including its object ID.

Complete the following steps to run an OCSP Script. For a full list of OCSP script commands, see OCSP Configuration Scripts.

Procedure

  1. Run a command similar to the following to create an authority in the system:
    ./ManageCertAuthority.sh -a VPCA admin SHA1 "sedna:a1807c:11dc6d53ba4:-7b4b" "always,end-user" "none"
  2. After creating an authority, and creating a profile for communicating with an OCSP responder, run a command similar to the following to create an OCSP responder in the system:
    ./ManageOCSPResponder.sh -a CertAuth_TestOCSP admin SHA1 "kenny:node1:13727b3f8e4:29762" "kenny:node1:13727275fd9:40698" false "2400" "14ffd4a0:1371823040d:-77c8" HTTPClientSend 3600 false false

    For the value false that precedes "2400", use true if the checked-in signing certificate is the same as the responding certificate, that is, checked in to the certificate authority in step 3.
  3. Run a command similar to the following to list all of the authorities in the system:
    ./ManageCertAuthority.sh -l

    Return output for each authority displays:

    CERT_AUTHORITY: 
    OBJECT_ID: sedna:1ded0fd:11dc9d22929:-7fbd
    NAME: VPCA
    CREATE_DATE: 2008-11-23
    MODIFIED_DATE: 2008-11-23
    MODIFIED_BY: null
    ISSUER_NAME: Country=US, StateOrProvince=Dublin, OrganizationUnit=GIS Development, Organization=Sterling, CommonName=Test CA
    HASH_ALG: SHA1
    RDN_HASH: 24E63F8AE9F51497529EA0CC34467A4680737A9F
    ENCODED_RDN_HASH: JOY/iun1FJdSnqDMNEZ6RoBzep8=
    KEY_HASH: C96F2FF442EBFA07672DCEC49B729D4D24898313
    ENCODED_KEY_HASH: yW8v9ELr+gdnLc7Em3KdTSSJgxM=
    CERT_OID: sedna:a1807c:11dc6d53ba4:-7b4b
    OCSP_WHEN_POLICY: always
    OCSP_WHAT_POLICY: end-user
    CRL_POLICY: null
  4. Use a command similar to the following to enable OCSP for all trusted and system certificates issued by the authority:
    ./SetAuthorityCertsOCSPInfo.sh -o sedna:1ded0fd:11dc9d22929:-7fbd yes
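
In the commands above, step 4 is given the authority's OBJECT_ID from the step 3 listing, while step 1 is given the CA certificate's object ID, which the listing reports as CERT_OID. The following script is an added example, not part of the product or its documentation: it looks up an authority by name in listing output and prints the matching step 4 command. It assumes each record starts with CERT_AUTHORITY: and holds one KEY: value pair per line, as in the output shown; the function names and the second sample record are hypothetical.

```shell
#!/bin/sh
# Added example: read one field of one authority from `ManageCertAuthority.sh -l`
# output. Field names are the ones shown in the step 3 listing.

# authority_field NAME FIELD   (listing on stdin)
# Prints FIELD for the authority whose NAME matches exactly. Returns 1 when
# no authority, or more than one, has that name.
authority_field() {
    awk -v want="$1" -v field="$2" '
        function finish_record() {
            if (want != "" && rec["NAME"] == want) { hits++; value = rec[field] }
            split("", rec)                  # clear the record buffer
        }
        /^[ \t]*CERT_AUTHORITY:/ { finish_record(); next }
        /^[ \t]*[A-Z_]+:/ {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[A-Z_]+:[ \t]*/, "", val)
            rec[key] = val
        }
        END { finish_record(); if (hits != 1 || value == "") exit 1; print value }
    '
}

# enable_ocsp_command NAME   (listing on stdin)
# Prints the step 4 command for that authority; it does not run it.
enable_ocsp_command() {
    oid=$(authority_field "$1" OBJECT_ID) || return 1
    printf './SetAuthorityCertsOCSPInfo.sh -o %s yes\n' "$oid"
}

# Sample listing: first record copied from step 3 (trimmed), second constructed.
sample_listing() {
    cat <<'EOF'
    CERT_AUTHORITY:
    OBJECT_ID: sedna:1ded0fd:11dc9d22929:-7fbd
    NAME: VPCA
    HASH_ALG: SHA1
    CERT_OID: sedna:a1807c:11dc6d53ba4:-7b4b
    CERT_AUTHORITY:
    OBJECT_ID: example:0000000:00000000000:-0001
    NAME: EXAMPLE_CA
    HASH_ALG: SHA1
    CERT_OID: example:0000000:00000000000:-0002
EOF
}

sample_listing | enable_ocsp_command VPCA
```

Against a live installation, pipe the real listing into the function instead of the sample, for example `./ManageCertAuthority.sh -l | enable_ocsp_command VPCA`, and review the printed command before running it.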