6.10. Revocation Routing Configuration
To configure revocation routing, you must first define a list of relevant CA connectors and add them to the connector list in the following format:
tps.connCAList=ca1,ca2
Additionally, you must add the CA signing certificate to the TPS
nssdb
and set up trust:
#
cd <TPS instance directory>/alias
#
certutil -d . -A -n <CA signing cert nickname> -t “CT,C,C” -i <CA signing cert b64 file name>
Finally, the nickname of the CA signing certificate must be added to the connector using the following option:
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
Note
During CA discovery, the TPS may automatically calculate the Authority Key Identifier of the CA and add it to the connector configuration. For example:
tps.connector.ca1.caSKI=i9wOnN0QZLkzkndAB1MKMcjbRP8=
This behavior is expected.