Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

This article describes how to add and remove revocation information for a certain certificate issuer (CA) in Nexus OCSP Responder.

 Add revocation information

To add revocation information for a certain CA:

  1. If the CA is:
    1. a trusted CA: Add the CA certificate to the trust store, see Trust store.
    2. a subordinate CA to a CA in the trust store: Copy the CA certificate to the persistent directory.
    All certificates in the trust store and persistent directory are automatically inserted into the cache.
  2. Configure one or more CRL validator(s) to retrieve CRLs for this CA, see Validation section.
  3. Restart Nexus OCSP Responder to make these updates take effect.
 Remove revocation information

To remove revocation information for a certain CA:

  1. Delete the CA certificate for the CA from the trust store or the persistent directory.
  2. Delete the relevant CRLs from the CRL cache directory.
  3. Delete the CRL validator entries in the configuration file that correspond to the CA you want to remove. Renumber all the following validators to close the gap in the sequence.
  4. Restart Nexus OCSP Responder to make these updates take effect.

Related information

  • No labels