This article includes updates for Nexus OCSP Responder 6.3.0-1.
This article describes how to migrate an existing Nexus OCSP Responder installation to Podman using Quadlets.
Nexus OCSP Responder (OCSP) is installed with version OCSP 6.3.0.
Podman version 4.9.4 or later is installed.
A valid OCSP license file.
Earlier OCSP versions are not supported for migration and must be updated the regular way before a migration can be performed.
When deploying with Quadlets, the directory that holds the distributable deployment files is determined by the user running the container. It maps to the following directory:
$HOME/.config/containers/systemd/
The Podman image for OCSP is located in the image directory within the distributable package.
Load the image using the following command:
podman image load -i image-6.3.0-1/ocsp_6.3.0-1.tar
Stop the currently running Nexus OCSP Responder service.
Update the ocsp.container file with any non-default ports that your configuration requires.
Place the existing license file in the license directory within the OCSP deployment directory.
Example with a license file called ocsp.license:
$HOME/.config/containers/systemd/license/ocsp.license
Create the container and volumes by using the following commands:
systemctl --user start ocsp-bin-volume
systemctl --user start ocsp-certs-volume
systemctl --user start ocsp-config-volume
systemctl --user start ocsp-cils-volume
systemctl --user start ocsp-crls-volume
systemctl --user start ocsp-health-volume
systemctl --user start ocsp
systemctl --user stop ocsp
Now the containers and volumes required by the OCSP responder are ready to be configured.
The content of the following five directories needs to be copied from your current OCSP server installation:
<ocsp-home>/bin
<ocsp-home>/certs
<ocsp-home>/config
<ocsp-home>/cils
<ocsp-home>/crls
The following volumes exist for the above listed directories:
bin:
$HOME/.local/share/containers/storage/volumes/systemd-ocsp-bin/_data/
Only HSM library .dll/.so files need to be copied.
certs:
$HOME/.local/share/containers/storage/volumes/systemd-ocsp-certs/_data/
config:
$HOME/.local/share/containers/storage/volumes/systemd-ocsp-config/_data/
cils:
$HOME/.local/share/containers/storage/volumes/systemd-ocsp-cils/_data/
crls:
$HOME/.local/share/containers/storage/volumes/systemd-ocsp-crls/_data/
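One way to script the copy step described above, as an added example that is not part of the original article or of the Nexus product. The volume paths are the ones listed above; the function names, the VOLUME_ROOT variable and the <ocsp-home> argument are assumptions.

```shell
#!/bin/sh
# Added example. Volume paths come from the article; the function names,
# VOLUME_ROOT and the <ocsp-home> argument are assumptions.
VOLUME_ROOT="${VOLUME_ROOT:-$HOME/.local/share/containers/storage/volumes}"

# migrate_ocsp_data <ocsp-home>: copy the five directories into their volumes.
migrate_ocsp_data() {
    src="$1"
    [ -d "$src" ] || { echo "no such OCSP home: $src" >&2; return 1; }

    # Stop before copying anything if a volume unit has not been started yet.
    for name in bin certs config cils crls; do
        [ -d "$VOLUME_ROOT/systemd-ocsp-$name/_data" ] || {
            echo "missing volume systemd-ocsp-$name" >&2
            return 1
        }
    done

    # certs, config, cils, crls: copy the whole content. cp -a keeps file
    # modes, so restrictive permissions in certs and config carry over.
    for name in certs config cils crls; do
        [ -d "$src/$name" ] || continue
        cp -a "$src/$name/." "$VOLUME_ROOT/systemd-ocsp-$name/_data/" || return 1
    done

    # bin: only the HSM library files (.so/.dll) are copied.
    for lib in "$src"/bin/*.so "$src"/bin/*.dll; do
        [ -f "$lib" ] || continue
        cp -p "$lib" "$VOLUME_ROOT/systemd-ocsp-bin/_data/" || return 1
    done
    return 0
}

# verify_ocsp_copy <ocsp-home>: byte-compare every source file with its copy.
verify_ocsp_copy() {
    src="$1"
    for name in certs config cils crls; do
        [ -d "$src/$name" ] || continue
        (cd "$src/$name" && find . -type f) | while IFS= read -r f; do
            cmp -s "$src/$name/$f" "$VOLUME_ROOT/systemd-ocsp-$name/_data/$f" || {
                echo "mismatch: $name/$f" >&2
                exit 1   # leaves the pipeline subshell with a failure status
            }
        done || return 1
    done
}
```

Call migrate_ocsp_data and then verify_ocsp_copy with the path of the old installation after the volume units have been started and the ocsp service has been stopped, and before starting the OCSP container again.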
Start the OCSP container using the following command:
systemctl --user start ocsp
For more information, see OCSP deployment using Quadlets.
Configuration files and libraries/addons (such as HSM) can be added as volumes to the containers.