 . '''To [[SystemAdministration/Systems|Systems Overview]]'''
----
= Systems - Ocsp =
= Basics =
== Purpose ==
Online Certificate Status Protocol Server, [[OcspResponder]]

== Physical Location ==
Xen (Sun4)

== Logical location ==
|| IP Internet || 213.154.225.236 || crl.cacert.org ||
|| IP Intranet || 172.16.3.104 || crl-medium.intra.cacert.org ||
|| IP Admin || 172.16.50.104 || crl.intra.cacert.org ||
|| IP Internet || 213.154.225.237 || ocsp.cacert.org ||
|| IP Intranet || 172.16.3.103 || ocsp-medium.intra.cacert.org ||
|| IP Admin || 172.16.50.103 || ocsp.intra.cacert.org ||

== Applicable Documentation ==
This is it :-)

== Administration ==
|| System Admin || E-mail ||
|| Critical System Administrators || critical-admin@cacert.org ||
|| || ocsp-admin@cacert.org ||

= Services =
== Listening services ==
|| System || Protocol || Port || Remarks ||
|| || SSH || TCP/22 || only from two hosts on internal admin network; remote system maintenance ||
|| crl || HTTP || TCP/80 || webserver for CRL retrieval ||
|| crl || HTTPS || TCP/443 || webserver for CRL retrieval in SSL mode ||
|| crl || RSYNC || TCP/873 || rsync daemon for efficient CRL retrieval ||
|| ocsp || OCSP || TCP/80 || OCSP responder (redirected by firewall to TCP/2560) ||
|| ocsp || OCSP || TCP/2560 || OCSP responder ||

== Running services ==
|| Service || Started from ||
|| apache2 || autostart conf ||
|| ocspd || autostart conf ||
|| rsyncd || autostart conf ||
|| sshd || autostart conf ||
|| postfix || autostart conf ||

== Connected Systems ==
=== Outbound network connections ===
|| Protocol || Port || Remarks ||
|| DNS || UDP/53 + TCP/53 || DNS lookups to resolver on admin network only ||
|| SYSLOG || UDP/514 || only to admin syslog server ||
|| boxbackup || TCP/2201 || only to backup.intern.cacert.org; for on-line backups ||

= Security =
 * Board motion [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]]
  . New critical systems
  . That the systems Backup, CRL, Hopper, Logger (critical) are critical systems.

== Non-distribution packages and modifications ==
 * openca-ocspd-1.9.0 with local modifications
 * boxbackup client v0.11rc8
 * local configuration maintained in http://svn.cacert.org/CAcert/SystemAdministration/ocsp/

== Risk assessments on critical packages ==
= Tasks =
= Critical Configuration items =
= Changes =
== Planned ==
=== System Future ===
=== Document Stuff ===
SystemAdministration team are responsible for the OCSP Responders. Here is the [[SystemAdministration/Procedures/OcspResponder|OCSP Procedure]] for running a responder.

----
 . CategorySystems