OCSP Core

This section provides a step-by-step guide for the installation, configuration and usage of OCSP Core. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'.

Configuration

Note: All actions required for setting up and configuring OCSP Core should be done using administrator privileges.

Environment Variables

For ocspcore.properties

This file is used to configure database-related properties (dialect, driver class name, URL, username and password; the database user should have full privileges on the schema created for the emCA application) as well as logging.

For Linux

To set the environment variable on Linux, run the following command:

sudo -H gedit /etc/environment

This opens the /etc/environment file. Set the OCSP Core path in it by pointing OCSPCORE_CONFIGURATION_PATH at the ocspcore.properties file, as shown in the figure below.

Once the environment variable is set for ocspcore.properties, the user can open ocspcore.properties to configure the various options, which include the database as well as the logs.

Snapshot

Please find below a snapshot of the ocspcore.properties file for reference:

#local
hibernate.dialect=org.hibernate.dialect.MySQLDialect
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://127.0.0.1:3306/emca
jdbc.username=root
jdbc.password= nNh0bStJeJxo3eu3taSY2Q==
 
 
#MSSQL JDBC PROPERTIES
#hibernate.dialect=org.hibernate.dialect.SQLServerDialect
#jdbc.url=jdbc:sqlserver://cpu206:1433;databaseName=emca
#jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver 
#jdbc.username=root
#jdbc.password=test@123
 
logFilePath=C:/emCA/emCAProperties/ocsp/core/log4j.xml 

Database

The ocspcore.properties file is used to configure database-related properties: dialect, driver class name, URL, username and password (the database user should have full privileges on the schema created for OCSP).

Open the ocspcore.properties file and change the DB configuration below:

Parameter              Description
hibernate.dialect      [DialectInfo] refers to the dialect information
jdbc.driverClassName   [DriverClassName] refers to the driver class name
jdbc.url               [URL] refers to the database URL
jdbc.username          [UserName] refers to the user name that has access to this schema
jdbc.password          [Password] refers to the password for that user (refer to Section 6)

Note: The default values in the configuration file are used if they are not changed as per the requirement. Please configure them as per your requirement.

The OCSP Responder connects to the same schema that the emCA application is connected to.

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the ocspcore.properties file that is set in the environment variables [please refer to section 6.3.1.1].

The Log4j XML file is shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <!-- Replace the placeholder with the folder in which the log files are to be written -->
        <Property name="APP_LOG_ROOT">[Local Server Path]</Property>
    </Properties>

    <Appenders>

        <!-- Console Appender: uses the same LOG_PATTERN property as the file appenders -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${LOG_PATTERN}" />
        </Console>

        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Core-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>

        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Core-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>

        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Core-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>

        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP-Core-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>

    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>

</Configuration>

In place of [Local Server Path] above, the administrator has to provide the folder path in which the log files are generated.
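Before deploying, it is worth checking that the two files above were actually edited rather than copied as-is. The script below is an added example and not part of the emCA or OCSP Core product: it reads ocspcore.properties from OCSPCORE_CONFIGURATION_PATH (assumed here to name either the file or its directory), follows logFilePath to log4j.xml, and reports a "[Local Server Path]" placeholder that was never replaced, a log directory the service account cannot write to, and any ${...} reference to a property that log4j.xml never defines (Log4j leaves such a reference as literal text, so the console would print the reference instead of a formatted line). The function and file names are the example's own; the embedded sample XML is a constructed reduction of the configuration shown above.

```python
"""Pre-deployment check for an OCSP Core configuration (added example, not product code)."""
import os
import re
import xml.etree.ElementTree as ET

PROPERTIES_FILENAME = "ocspcore.properties"
REQUIRED_KEYS = ("hibernate.dialect", "jdbc.driverClassName", "jdbc.url",
                 "jdbc.username", "jdbc.password", "logFilePath")
# Bracketed words such as "[Local Server Path]"; "[%d{...}]" in a layout pattern does not match.
PLACEHOLDER_RE = re.compile(r"\[[A-Za-z][A-Za-z ]*\]")
# ${NAME} property references; "${sys:...}"-style Log4j lookups carry a prefix and are skipped.
REF_RE = re.compile(r"\$\{([A-Za-z0-9_.:-]+)\}")


def resolve_properties_path(env_value: str) -> str:
    """Assumption: OCSPCORE_CONFIGURATION_PATH names the properties file or its directory."""
    if os.path.isdir(env_value):
        return os.path.join(env_value, PROPERTIES_FILENAME)
    return env_value


def parse_properties(text: str) -> dict:
    """Parse the Java .properties subset used by ocspcore.properties:
    '#'/'!' comment lines and key=value pairs, surrounding whitespace removed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_log4j(xml_text: str) -> list:
    """Return a list of problems found in a Log4j 2 XML configuration."""
    problems = []
    root = ET.fromstring(xml_text)
    defined = {p.get("name"): (p.text or "") for p in root.iter("Property")}

    # 1. placeholders the administrator was supposed to replace
    for name, value in defined.items():
        if PLACEHOLDER_RE.search(value):
            problems.append(f"Property {name} still contains placeholder {value.strip()!r}")

    # 2. ${NAME} references (in attributes or text) that no <Property> defines
    referenced = set()
    for elem in root.iter():
        for text in list(elem.attrib.values()) + [elem.text or ""]:
            referenced.update(n for n in REF_RE.findall(text) if ":" not in n)
    for name in sorted(referenced - set(defined)):
        problems.append(f"${{{name}}} is referenced but never defined in <Properties>")

    # 3. the log directory must exist and be writable by the account running Tomcat
    log_root = defined.get("APP_LOG_ROOT", "").strip()
    if log_root and not PLACEHOLDER_RE.search(log_root):
        if not os.path.isdir(log_root) or not os.access(log_root, os.W_OK):
            problems.append(f"APP_LOG_ROOT {log_root!r} is not a writable directory")
    return problems


def check_deployment(properties_path: str) -> list:
    """Run every check for one ocspcore.properties file and the log4j.xml it points to."""
    if not os.path.isfile(properties_path):
        return [f"properties file {properties_path!r} not found"]
    with open(properties_path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    problems = [f"{key} is missing or empty" for key in REQUIRED_KEYS if not props.get(key)]
    log_xml = props.get("logFilePath")
    if log_xml:
        if not os.path.isfile(log_xml):
            problems.append(f"logFilePath {log_xml!r} does not exist")
        else:
            with open(log_xml, encoding="utf-8") as fh:
                problems.extend(check_log4j(fh.read()))
    return problems


# Constructed sample: the page's log4j.xml reduced to the parts that matter here.
SAMPLE_LOG4J = """<Configuration status="WARN">
  <Properties>
    <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] [%p] - %m%n</Property>
    <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
  </Properties>
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="${CONSOLE_LOG_PATTERN}"/>
    </Console>
    <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Core-info.log"
                 filePattern="${APP_LOG_ROOT}/OCSP-Core-info-%d{yyyy-MM-dd}_%i.log">
      <PatternLayout pattern="${LOG_PATTERN}"/>
    </RollingFile>
  </Appenders>
  <Loggers><AsyncRoot level="debug"><AppenderRef ref="infoLog"/></AsyncRoot></Loggers>
</Configuration>"""


def corrected_sample(log_root: str) -> str:
    """The same sample with the placeholder replaced and the undefined reference fixed."""
    return (SAMPLE_LOG4J.replace("[Local Server Path] ", log_root)
                        .replace("${CONSOLE_LOG_PATTERN}", "${LOG_PATTERN}"))


if __name__ == "__main__":
    env = os.environ.get("OCSPCORE_CONFIGURATION_PATH")
    found = check_deployment(resolve_properties_path(env)) if env else check_log4j(SAMPLE_LOG4J)
    for problem in found:
        print("PROBLEM:", problem)
    print("no problems found" if not found else f"{len(found)} problem(s)")
```

Run it with OCSPCORE_CONFIGURATION_PATH set to check the real deployment; without the variable it checks the embedded sample, which reports exactly the two copy-paste mistakes.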

Deployment

The following component is required for deployment:

OCSP Core (ocsprespondercore.war file)

OCSP Core is shipped as a WAR file that has to be deployed on the application server. The server is configured through the properties file.

Please configure and save all the properties defined in the properties file described in section '(B) For ocspcore.properties' under section 5.6.1.1, Environment Variables.

Then deploy the configured OCSP Core war file.

Please find below the steps to deploy the application:

  • Copy ocsprespondercore.war into the Tomcat webapps folder (apache-tomcat\webapps)

  • On Windows, run services.msc

  • Select Apache Tomcat and click Start

Quick Check Guide

Once the deployment is successfully done and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL as mentioned below.

Enter https://www.example.com/ocsprespondercore in the address field (for example: https://127.0.0.1:8080/ocsprespondercore).

The following message is displayed, which implies that the application is deployed properly:

“HTTP Status 405 - OCSP only supports POST”.
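The browser test only shows that the servlet answers GET with 405; it does not show that the responder actually handles OCSP traffic. The script below is an added example, not the product's own tooling, and checks both halves with the standard library only: a GET must return 405, and a POSTed DER-encoded OCSPRequest (RFC 6960) must come back as application/ocsp-response with a readable responseStatus. Because no X.509 parser is used, the issuer name (DER) and the issuer's subjectPublicKey bytes are taken as arguments; in real use they come from the CA certificate, and the values in __main__ are constructed placeholders, not real certificate data. The URL, function names and default port are the example's own assumptions.

```python
"""Quick check for a deployed OCSP Core responder (added example, not product code)."""
import hashlib
import sys
import urllib.error
import urllib.request

SHA1_OID = bytes.fromhex("06052b0e03021a")  # OBJECT IDENTIFIER 1.3.14.3.2.26 (sha1)
RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                   3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, otherwise 0x8N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(n: int) -> bytes:
    # Minimal big-endian two's complement; a leading 0x00 keeps serials with the top bit set positive.
    return der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_ocsp_request(issuer_name_der: bytes, issuer_key_bytes: bytes, serial: int) -> bytes:
    """OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest }          (unsigned, version v1 omitted)
    TBSRequest  ::= SEQUENCE { requestList SEQUENCE OF Request }
    Request     ::= SEQUENCE { reqCert CertID }
    CertID      ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    issuerKeyHash is the hash of the issuer's subjectPublicKey BIT STRING contents."""
    cert_id = der(0x30, b"".join([
        der(0x30, SHA1_OID + b"\x05\x00"),                   # AlgorithmIdentifier: sha1, NULL params
        der(0x04, hashlib.sha1(issuer_name_der).digest()),   # issuerNameHash
        der(0x04, hashlib.sha1(issuer_key_bytes).digest()),  # issuerKeyHash
        der_integer(serial),                                 # serialNumber
    ]))
    request_list = der(0x30, der(0x30, cert_id))
    return der(0x30, der(0x30, request_list))


def parse_response_status(response_der: bytes) -> str:
    """Read responseStatus from OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, ... }."""
    if len(response_der) < 5 or response_der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    i = 2 + ((response_der[1] & 0x7F) if response_der[1] & 0x80 else 0)  # skip the outer length
    if response_der[i] != 0x0A or response_der[i + 1] != 1:
        raise ValueError("responseStatus ENUMERATED not found")
    code = response_der[i + 2]
    return RESPONSE_STATUS.get(code, f"unknown({code})")


def get_status_code(url: str) -> int:
    """HTTP status of a plain GET; the quick check above expects 405."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def post_ocsp_request(url: str, request_der: bytes) -> bytes:
    """POST the request with the media types RFC 6960 requires and return the raw response."""
    req = urllib.request.Request(url, data=request_der, method="POST", headers={
        "Content-Type": "application/ocsp-request", "Accept": "application/ocsp-response"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        ctype = resp.headers.get("Content-Type", "").split(";")[0].strip()
        if ctype != "application/ocsp-response":
            raise ValueError(f"unexpected Content-Type {ctype!r}")
        return resp.read()


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080/ocsprespondercore"
    # Constructed placeholder inputs; replace with the real issuer name, issuer key and serial.
    request = build_ocsp_request(b"\x30\x00", b"\x00", 0x1234)
    print("GET  ->", get_status_code(url), "(405 expected)")
    print("POST ->", parse_response_status(post_ocsp_request(url, request)))
```

With placeholder issuer data the responder cannot know the certificate, so a status of "unauthorized" or a "successful" response carrying an "unknown" certificate status is the expected outcome; the point of the check is that the servlet accepts the POST, answers with the right media type, and produces parseable DER. A response that is "successful" for a real issuer and serial can then be inspected further, for example with openssl ocsp.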

To verify that the logs are generated at the defined path, open the folder mentioned in the configuration path set in the log4j.xml file (Configuration -> log4j.xml):

[Local Server Path]/ocspresponder.log

Please make sure that the log file is created in the above-mentioned path.
