Installing a Server Authentication Certificate

Issuing a Certificate Request (PKCS#10)

Step 1: Access the server through SSH with an account with administrative privileges;

Step 2: Load the OCSPd Configuration Utility with the following command:

# /opt/ocspd/sbin/ocspd-config

Step 3: In the main menu, select 'NGINX':

NGINX Config Menu

Step 4: In the NGINX menu, select 'CSR':

NGINX CSR Menu

Step 5: Specify the DNS Name of the OCSPd server:

Specify Hostname

Step 6: The certificate request is generated and available under '/etc/nginx/ssl/ocspd.csr.new':

CSR generated

Step 7: Sign the certificate request using the corporate PKI.

Installing a Server Certificate

Step 1: Upload the generated server certificate on the OCSPd server under '/tmp/ocspd.pem' through SCP;

Step 2: In the NGINX configuration menu, select 'CRT':

CRT menu

Step 3: Specify the path '/tmp/ocspd.pem' and validate:

CRT path

Step 4: The server certificate is successfully installed:

CRT installed

Installing the Server Certificate Trust Chain

Step 1: Upload the server certificate trust chain (the concatenation of the Certificate Authority certificates in PEM format) on the OCSPd server under '/tmp/server.bundle' through SCP;

Step 2: In the NGINX configuration menu, select 'TS':

TS menu

Step 3: Specify the path '/tmp/server.bundle' and validate:

TS path

Step 4: The server bundle is successfully installed:

TS installed