HOWTO-Ocsp-Unid-client(水平有限,仅供个人参考)

源自:EJBCA3.5.1 doc

This file describes how to build and use the stand alone OCSP and Lookup server client.

该文主要描述如何构建和使用独立OCSP和查找服务器客户端.

Setting up the OCSP and Lookup server:

配置OCSP和查找服务
-------------------------------------
See HOWTO-OCSP-RESPONDER.txt for information how to install and configure external OCSP responders and the Lookup
server.
阅读HOWTO-OCSP-RESPONDER.txt查找如何构建和配置扩展OCSP响应和查找服务器的信息.


Building the OCSP/Lookup client.
构建OCSP/查找客户端
-------------------------------
Run the command 'ant ocspclient.jar'.
In the directory 'ocsp-dist' there is now a file called ocspclient.zip. This file can be moved to
some other place and unzipped. It will unzip several files in the directory where you run the unzip command.
You can use it as a command line client by running 'ocsp.sh'. You can link to it and use the API by including
the ocsplient.jar and the jar files in the 'lib' subdirectory in your build and class path.

运行命令'ant ocspclient.jar'.                                                                       
在'ocsp-dist'目录下有一个文件ocspclient.zip.这个文件可以被移动到其它地方进行解压,解压之后将产生几个文件,可以通过
运行'ocsp.sh'将之用为一个命令行客户端.这样就可以通过使用包含在ocsplient.jar和你的build和class路径下的子目录lib中的
API来链接它.

 


Using the API
-------------
To learn the API by looking at the source code, since it is included. The client API is in the class
org.ejbca.core.protocol.ocsp.OCSPUnidClient.
The command line client can serve as a good sample for using the API and it is in the class
org.ejbca.ui.cli.Ocsp.

使用API
-------------
通过查看代码来学习API,客户端API在org.ejbca.core.protocol.ocsp.OCSPUnidClient包下.
使用API的命令行客户端例子是org.ejbca.ui.cli.Ocsp.


Fnr-Unid mapping
----------------
For the Unid Lookup part, you must use https with a client certificate with the ocsp client. If you use http with
a client certificate and the OCSP responder is set up to answer Lookup requests, the OCSP client will returns the
Fnr. The Fnr will be returned if the certificate contains a Unid in the SN component of the SubjectDN, and the
Unid has a valid mapping to an Fnr in the OCSP responders Fnr-Unid mapping database.

If the Fnr returned is null, there are several possible errors:
1.The client was not authorized to request an Fnr
2.There was no Unid Fnr mapping available
3.There was no Unid in the certificate (serialNumber DN component)


Fnr-Unid 映射
----------------
  对于Unid查找部分,必须通过带有ocsp客户端的客户端证书的https.如果使用带有客户端证书的http和用于应答查找请求的OCSP
响应器,OCSP客户端将返回Fnr.如果证书的SubjectDN部分的SN中包含一个Unid,并且在OCSP响应器Fnr-Unid映射数据库中该Unid拥
有一个有效的Fnr映射,则Fnr将被返回.
  如果Fnr返回值为null,有以下几种错误:
1.客户端无权请求一个Fnr
2.无Unid Fnr 映射可用
3.在证书中没有Unid(序列号 DN 部分)

你可能感兴趣的:(server,api,File,command,Class,Build)