Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 8 - AGENTS GUIDE
71727374757677787980
The next page shows information about the CM that was added.
NOTE
If the deployment contains chained CAs, such as a root CA and then several
subordinate CAs, add each CA certificate separately to the OCSP responder.
3. Adding a CRL to the OCSP
If a situation arises when a CM is unable to publish its CRL to the OCSP, it is possible to add a
CRL manually to the OCSP internal database.
To add a CRL to the internal database, do the following:
1. Open the CM's agent services page.
https://server.example.com:9443/ca/agent/ca
2. Click on Display Revocation List.
3. In the results page, select the desired CRL issuing point, select the option to display the CRL
as base-64, and click Display.
4. In the CRL details page, scroll to the Certificate revocation list base64 encoded section,
which shows the CRL in base-64 format.
5. Copy the base-64 encoded CRL, including the -----BEGIN CERTIFICATE REVOCATION
LIST----- and -----END CERTIFICATE REVOCATION LIST----- marker lines, to the
clipboard or a text file.
The CRL looks similar to the example:
-----BEGIN CERTIFICATE REVOCATION LIST-----
MIHiMIGNAgEBMA0GCSqGSIb3DQEBBQUAMEsxGDAWBgNVBAoTD0RvbWFpbiBTcG9v
bmJveTEPMA0GA1UECxMGMTAyNnNiMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkXDTA2MTExMzE4MDM0MFoXDTA2MTExMzIyMDM0MFqgDjAMMAoGA1UdFAQD
AgFeMA0GCSqGSIb3DQEBBQUAA0EAlbdl7bPD5yLpBwKkSXeSA1fa8M2TiqNynRS1
B5zDGGAamOBdnKVMEBPEXFsTzk92rjbL0J0KjoMYicTEGO1wKA==
-----END CERTIFICATE REVOCATION LIST-----
6. Open the OCSP's agent services page.
Chapter 8. OCSP: Agent Services
74