OCSP Core
This section provides a step-by-step guide to the installation, configuration and usage of OCSP Core. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'.
Note: All actions required for setting up and configuring OCSP Core should be done using administrator privileges.
Environment Variables
For ocspcore.properties
This file is used to configure database-related properties such as the dialect, driver class name, URL, username and password (the database user should have full privilege to the schema created for the emCA application), as well as logs.
For Linux
To set the environment variable on Linux, run the following command:
sudo -H gedit /etc/environment
This opens the /etc/environment file. In it, set the OCSP Core path as OCSPCORE_CONFIGURATION_PATH for the ocspcore.properties file, as shown in the figure below.
Once the environment variable is set for ocspcore.properties, the user can open ocspcore.properties to configure various options, including the database and logs.
Snapshot
Please find the below ocspcore.properties file snapshot for reference:
Database
The ocspcore.properties file is used to configure database-related properties such as the dialect, driver class name, URL, username and password (the database user should have full privilege to the schema created for OCSP).
Open the ocspcore.properties file and change the below DB configuration:
Parameter | Description |
hibernate.dialect | [DialectInfo] refers to Dialect information |
jdbc.driverClassName | [DriverClassName] refers to Driver class name |
jdbc.url | [URL] refers to Database URL |
jdbc.username | [UserName] refers to UserName who has access to this schema |
jdbc.password | [Password] refers to Password for the user (refer to Section 6) |
Note: The default values in the configuration file are used unless they are changed. Please configure them as per your requirement.
The OCSP Responder connects to the same schema that is connected to the emCA application.
Logs
The application uses Log4j for logging. Specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the ocspcore.properties file, which is set in the environment variables [please refer to section 6.3.1.1].
The log4j.xml file is shown below:
In the LOCAL SERVER PATH above, the administrator has to provide the folder path in which the log files are generated.
The following component is required for deployment:
OCSP Core (ocsprespondercore.war file)
OCSP Core comes as a war file which has to be deployed on the application server. The server provides configuration through the properties file.
Please configure and save all the properties in the properties file described in section '(B) For ocspcore.properties' under section 5.6.1.1, Environment Variables.
Then deploy the configured OCSP Core war file.
Follow the steps below to deploy the application:
Copy ocsprespondercore.war into the Tomcat webapps folder (apache-tomcat\webapps).
On Windows, run services.msc.
Select Apache Tomcat and click Start.
Once deployment is successfully done and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL below in the address field:
https://www.example.com/ocsprespondercore (for example: https://127.0.0.1:8080/ocsprespondercore)
The following message is displayed. This implies that the application is deployed properly.
“HTTP Status 405 - OCSP only supports POST”.
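The browser check above only shows that the servlet answers GET with a 405. As an added example (not part of the original guide or of emCA's code), the Python below builds an unsigned OCSP request per RFC 6960, POSTs it to the responder URL and reads the outer responseStatus. The function names, the SHA-1 CertID and the inputs (issuer name in DER, issuer public key bytes, certificate serial number) are assumptions made for illustration.

```python
import hashlib
import urllib.request

# AlgorithmIdentifier for SHA-1 with NULL parameters (OID 1.3.14.3.2.26)
SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")
# OCSPResponseStatus values defined in RFC 6960
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def build_request(issuer_name_der, issuer_key_bits, serial):
    """Unsigned OCSPRequest, no nonce, for one certificate.
    issuer_key_bits is the issuer's subjectPublicKey BIT STRING content."""
    cert_id = der(0x30, SHA1_ALGID
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key_bits).digest())
                  + der(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    request_list = der(0x30, der(0x30, cert_id))   # SEQUENCE OF Request
    return der(0x30, der(0x30, request_list))      # OCSPRequest { TBSRequest }

def response_status(resp):
    """Return the outer responseStatus name of a DER OCSPResponse."""
    if len(resp) < 5 or resp[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Skip the outer length: 1 byte in short form, 1 + k bytes in long form
    pos = 2 + (resp[1] & 0x7F if resp[1] & 0x80 else 0)
    if resp[pos:pos + 2] != b"\x0a\x01" or pos + 2 >= len(resp):
        raise ValueError("responseStatus ENUMERATED missing")
    return STATUS.get(resp[pos + 2], "undefined")

def query(url, request_der):
    """POST the request; the browser's GET is what yields the 405 page."""
    req = urllib.request.Request(url, data=request_der, method="POST",
                                 headers={"Content-Type": "application/ocsp-request"})
    with urllib.request.urlopen(req, timeout=10) as r:
        return response_status(r.read())

if __name__ == "__main__":
    # Constructed inputs; real values come from the issuer certificate
    sample = build_request(b"constructed issuer name", b"constructed issuer key", 0x1234)
    print(sample.hex())
    print(response_status(bytes.fromhex("30030a0106")))  # constructed error response
```

A "successful" responseStatus only means the responder produced a response; the 'good', 'revoked' or 'unknown' status of the certificate is inside the signed part of the response, whose signature must be verified before the result is trusted.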
To verify that logs are being generated in the defined path, open the folder mentioned in the configuration path set in the log4j.xml file (Configuration->log4j.xml).
Please make sure that the log file is created in the above-mentioned path.