OCSP Responder Web

This section provides a step-by-step guide to installing, configuring and using OCSP Web. OCSP Web is generally deployed in the DMZ, where external applications interface with it. It in turn interfaces with OCSP Core, which is deployed in the MZ, where only selected internal applications have access to it.

Configuration

Note – all actions required to set up and configure OCSP Web should be performed with administrator privileges.

Environment Variables - For ocspweb.properties

This file is used to configure logs.

For Linux

To set the environment variable on Linux, run the following command:

sudo -H gedit /etc/environment

This opens the /etc/environment file. In it, set the OCSP Web path in OCSPWEB_CONFIGURATION_PATH for the ocspweb.properties file, as shown in the figure below.

Once the environment variable is set for ocspweb.properties, the user can open ocspweb.properties to configure logs.

Snapshot

The ocspweb.properties file snapshot below is provided for reference:

emca.ocsp.url=http://localhost:8800/ocsprespondercore

logFilePath=C:/emCA/emCAProperties/ocsp/web/log4j.xml

#ToEnableCache(YES / NO)
CacheEnabled=YES

#NoOfHoursToCache
NoOfHoursToCache=8

Connection

OCSP Web has to connect to OCSP Core in order to pass the requests it receives on to OCSP Core. To connect to OCSP Core, set the URL in the properties file as shown below:

# URL where ocspcore is deployed
emca.ocsp.url=http://<ipaddress>:<port>/ocsprespondercore
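A pre-deployment check of ocspweb.properties can catch an unreplaced placeholder or a loopback URL before the WAR file is started. The following is an added example, not part of the product or of the original page; the function names are hypothetical, and the accepted value formats for CacheEnabled and NoOfHoursToCache are assumptions based on the comments in the snapshot.

```python
from urllib.parse import urlsplit

# Constructed sample using the keys from the snapshot on this page.
SAMPLE = """\
emca.ocsp.url=http://<ipaddress>:<port>/ocsprespondercore
logFilePath=C:/emCA/emCAProperties/ocsp/web/log4j.xml
#ToEnableCache(YES / NO)
CacheEnabled=yes
NoOfHoursToCache=8
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ocspweb(props):
    """Return a list of findings for parsed ocspweb.properties values."""
    findings = []
    url = props.get("emca.ocsp.url", "")
    if "<" in url or ">" in url:
        findings.append("emca.ocsp.url: placeholder not replaced")
    else:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append("emca.ocsp.url: not an http(s) URL")
        elif parts.hostname in ("localhost", "127.0.0.1", "::1"):
            # With OCSP Web in the DMZ and OCSP Core in the MZ, a loopback URL
            # only works when both run on the same host.
            findings.append("emca.ocsp.url: loopback host, confirm OCSP Core is co-located")
    # Assumption: values are matched exactly as the comment in the file spells them.
    if props.get("CacheEnabled") not in ("YES", "NO"):
        findings.append("CacheEnabled: expected YES or NO")
    # Assumption: the cache lifetime is a whole number of hours greater than zero.
    hours = props.get("NoOfHoursToCache", "")
    if not (hours.isdigit() and int(hours) > 0):
        findings.append("NoOfHoursToCache: expected a positive integer")
    if not props.get("logFilePath"):
        findings.append("logFilePath: not set")
    return findings
```
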

Logs

The application uses Log4j for logging. Specify the local server path where the logs are to be collected in the log4j.xml file. The local server path of the log4j.xml file itself needs to be provided in the ocspweb.properties file, which is located through the environment variable [please refer to section 6.4.1.1].

The Log4j XML file is shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path]</Property>
    </Properties>
    
    <Appenders>
    
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <!-- Uses LOG_PATTERN, the only pattern defined under Properties -->
            <PatternLayout disableAnsi="false" pattern="${LOG_PATTERN}" />
        </Console>
        
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-A-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
		
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
            
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>

</Configuration>

In place of [Local Server Path] above, the administrator has to provide the folder path where the log files are to be generated.
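Because the log path, the patterns and the appender names in log4j.xml are all cross-referenced by name, a small lint run before deployment helps confirm that every reference resolves and that the placeholder has been replaced. The following is an added example, not part of the product or of the original page; `lint_log4j` is a hypothetical helper and the sample configuration is constructed, with three defects seeded on purpose.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the page's log4j.xml, with three seeded defects.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Properties>
    <Property name="LOG_PATTERN">[%d] [%p] - %m%n</Property>
    <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
  </Properties>
  <Appenders>
    <Console name="Console"><PatternLayout pattern="${CONSOLE_LOG_PATTERN}"/></Console>
    <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-info.log"
                 filePattern="${APP_LOG_ROOT}/OCSP-Responder-info-%d{yyyy-MM-dd}_%i.log">
      <PatternLayout pattern="${LOG_PATTERN}"/>
    </RollingFile>
  </Appenders>
  <Loggers>
    <AsyncRoot level="debug">
      <AppenderRef ref="infoLog"/>
      <AppenderRef ref="Console"/>
      <AppenderRef ref="debugLog"/>
    </AsyncRoot>
  </Loggers>
</Configuration>
"""

# Plain ${name} references only; lookups like ${env:X} contain ':' and are skipped.
REF = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

def lint_log4j(xml_text):
    """Return sorted findings for a Log4j 2 XML configuration."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    props = {p.get("name"): p.text or "" for p in root.iter("Property")}
    findings = set()
    for name, value in props.items():
        if value != value.strip():
            findings.add(f"property {name}: leading/trailing whitespace")
        if re.fullmatch(r"\[[^\]]+\]", value.strip()):
            findings.add(f"property {name}: placeholder not replaced")
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            for ref in set(REF.findall(value)) - set(props):
                findings.add(f"{elem.tag}@{attr}: undefined property {ref}")
    appenders = root.find("Appenders")
    defined = {a.get("name") for a in appenders} if appenders is not None else set()
    for ref in root.iter("AppenderRef"):
        if ref.get("ref") not in defined:
            findings.add(f"AppenderRef: no appender named {ref.get('ref')}")
    return sorted(findings)
```

To check a deployed file, pass its contents to `lint_log4j`; an empty list means every property and appender reference resolved.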

Deployment

The following components are required for deployment:

OCSP Web (ocspresponderweb.war file)

OCSP Web comes as a WAR file that has to be deployed on the application server. Configuration is provided through the properties file.

Configure and save all the properties, then deploy the configured OCSP Web WAR file.

Follow the steps below to deploy the application:

  • Copy ocspresponderweb.war into the Tomcat webapps folder (apache-tomcat\webapps)

  • On Windows, run services.msc

  • Go to Apache Tomcat and click Start

Quick Check Guide

Once deployment has completed successfully and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the following URL in the address field:

https://www.example.com/ocspresponderweb (for example: https://127.0.0.1:8080/ocspresponderweb)

The following message is displayed. This implies that the application is deployed properly.

“HTTP Status 405 - OCSP only supports POST”.

To verify that logs are being generated in the defined path, open the folder specified in the log4j.xml file (Configuration->log4j.xml):

[Local Server Path]/OCSPResponderWeb.log

Please make sure that the log file is created in the above-mentioned path.
