Setting Up a Remote OCSP Responder710 Netscape Certificate Management System Installation and Setup Guide • October 2001• Check whether you’ve installed the Online Certificate Status Manager, theOCSP responder provided with Certificate Management System. If youhaven’t, first identify a host machine for installing it and then follow theinstallation instructions in Chapter 6, “Installing Certificate ManagementSystem” to install it. During installation, note the port numbers you assign tothe Online Certificate Status Manager.• Check whether you have deployed any OCSP-compliant clients. If you haven’t,determine whether you want to use the OCSP-compliant security plug-inmodule for Netscape Communicator, Netscape Personal Security Manager. Fordetails, see “How to Get OCSP-Compliant Clients?”• Keep the Netscape Console login information for the Certificate Manager andOnline Certificate Status Manager handy; you’ll need this to verify or makechanges to their configuration.• Read section “OCSPPublisher Plug-in Module” in Chapter 6, “PublisherPlug-in Modules” of CMS Plug-ins Guide.• Read “Publishing of CRLs” on page 610. Determine whether you want theCertificate Manager to publish version 1 or version 2 CRLs to the directory. Ifyou decide to publish version 2 CRLs, read Chapter 4, “Certificate ExtensionPlug-in Modules” of CMS Plug-ins Guide and determine the CRL extensionsyou want the Certificate Manager to set; you will be required to configure theserver to set these extensions.• Decide whether you want to configure your Online Certificate Status Managerto use it’s default database for CRLs or to use an LDAP directory. If you wantthe Online Certificate Status Manager to use the CRL published to thedirectory, make sure that the Certificate Manager is configured to publishCRLs to an LDAP directory. For details, see Chapter 19, “Setting Up LDAPPublishing.”Note the following information for the directory: the host name, port number,and port type—whether it’s an SSL or nonSSL port. The Online CertificateStatus Manager can communicate with the directory via SSL or nonSSL port.Step 2. Install an OCSP-Compliant ClientFollow the instructions as appropriate.• If you don’t want to install Personal Security Manager, skip to the next step,“Step 3. Identify the CA to the OCSP Responder” on page 711.• If you decided to install Personal Security Manager, follow the instructions insection “Step 2. Install OCSP-Compliant Client” on page 696 to install it.