This article describes how to add and remove revocation information for a certain certificate issuer (CA) in Nexus OCSP Responder.
| Expand |
|---|
| title | Add revocation information |
|---|
|
To add revocation information for a certain CA: - If the CA is:
- a trusted CA: Add the CA certificate to the trust store, see Trust store.
- a subordinate CA to a CA in the trust store: Copy the CA certificate to the persistent directory.
All certificates in the trust store and persistent directory are automatically inserted into the cache. - Configure one or more CRL validator(s) to retrieve CRLs for this CA, see Validation section.
- Restart Nexus OCSP Responder to make these updates take effect.
|
| Expand |
|---|
| title | Remove revocation information |
|---|
|
To remove revocation information for a certain CA: - Delete the CA certificate for the CA from the trust store or the persistent directory.
- Delete the relevant CRLs from the CRL cache directory.
- Delete the CRL validator entries in the configuration file that correspond to the CA you want to remove. Renumber all the following validators to close the gap in the sequence.
- Restart Nexus OCSP Responder to make these updates take effect.
|
Related information
