Setting Up a Remote OCSP ResponderChapter 21 Setting Up an OCSP Responder 6873. Select the certificate you revoked and click View.In the View Security Certificate dialog box that appears, look for a messagethat says that the certificate could not be verified.Step J. Check the Certificate Manager’s OCSP Service Status AgainCheck the Certificate Manager’s OCSP-service status again to verify that thesethings happened:• The browser sent an OCSP query to the Certificate Manager (this response wasinitiated when you clicked the View button).• The Certificate Manager sent an OCSP response to the browser.• The browser used that response to validate the certificate and informed you ofits status (that the certificate could not be verified).To check the Certificate Manager’s OCSP-service status for verification:1. Go to the Certificate Manager’s status page.2. Reload the page (hold down the Shift key and click on the browser’s Reloadicon.)3. Compare the information to the one you noted in Step G above.The updated statistics should indicate that Personal Security Manager queriedthe Certificate Manager about the status of the certificate and in response, theCertificate Manager informed Personal Security Manager that the certificate isrevoked.Setting Up a Remote OCSP ResponderYou can configure a Certificate Manager to publish CRLs to an online certificatevalidation authority, such as the one included with Certificate ManagementSystem, and then issue end-entity certificates with Authority Information Accessextension pointing to the location at which the OCSP responder waits for queriesabout revocation status of certificates.This section explains how to set up a Certificate Manager functioning as a root CAto publish CRLs to a remote Online Certificate Status Manager and configureOCSP-compliant clients to query the Online Certificate Status Manager forrevocation status of certificates being validated.