This article describes how to add and remove revocation information for a certain certificate issuer (CA) in Nexus OCSP Responder.
Add revocation information
To add revocation information for a certain CA:
- If the CA is:
  - a trusted CA: Add the CA certificate to the trust store, see Trust store.
  - a subordinate CA to a CA in the trust store: Copy the CA certificate to the persistent directory.

  All certificates in the trust store and persistent directory are automatically inserted into the cache.
- Configure one or more CRL validator(s) to retrieve CRLs for this CA, see Validation section.
- Restart Nexus OCSP Responder to make these updates take effect.
Remove revocation information
To remove revocation information for a certain CA:
- Delete the CA certificate for the CA from the trust store or the persistent directory.
- Delete the relevant CRLs from the CRL cache directory.
- Delete the CRL validator entries in the configuration file that correspond to the CA you want to remove. Renumber all the following validators to close the gap in the sequence.
- Restart Nexus OCSP Responder to make these updates take effect.