Configuring the Certificate Manager122 Netscape Certificate Management System Administrator’s Guide • February 2003For detailed information, see Chapter 15, “Publishing.”Configuring OCSP ServicesThe Certificate Manager contains an internal OCSP responder which is installed bydefault. The OCSP responder receives standard OCSP requests via the non-SSLend-entity port. It checks the status of certificates in the internal database and thenreports back on the status of the certificate.The Online Certificate Status Manager is a stand-alone subsystem that a CertificateManager publishes CRLs to. This subsystem receives standard OCSP requests forcertificate status and checks the CRLs to see if the certificate has been revoked. Thissubsystem can be configured with more than one Certificate Manager.See Chapter 5, “OCSP Responder” for information about both of these services.Setting Up CRLsThe CRL feature allows you to set up CRLs that are issued on a periodic basis. Youcan also define issuing points so that a CRL from that issuing point contains onlythe list of revoked certificates associated with that issuing point. You can alsocreate delta CRLS. When you install, the CRL feature is setup, but the creation ofCRLs is disabled. You need to enable it and configure issuing points to issue CRLs.For detailed information on setting up CRLs, see Chapter 14, “Revocation andCRLs.”Setting Up NotificationsThe notification feature that allows you to send automated notifications is disabledafter installation. You can set up three types of automatic notifications:• Certificate Issuance. An email is sent to the end entity when a certificate isissued.• Certificate Revoked. An email is sent to an end entity when a certificate isrevoked.• Request In Queue. An email is sent to agents when a request is received in theagent services interface request queue.
