Adding additional responders in a live environment

There is no automated way of pushing all the certificates that have already been published to existing OCSP responders out to a new one. To duplicate an existing "source" OCSP database to a "target" OCSP database:

  1. To create the tables in the target OCSP, start JBoss AS with OCSP deployed for the first time (and then stop the server before doing the next step).

  2. Add an additional DataSource for the target OCSP responder in EJBCA.

  3. Configure a new ValidationAuthorityPublisher (Enterprise feature only) in EJBCA that uses the target OCSP DataSource. Choose to only publish to the queue, so that all changes made during the cloning accumulate there.

  4. Wait one hour and check that there is nothing in the publisher-queue of the source OCSP that is older than one hour.

  5. Do a MySQL dump from the source database to the target database or use the ClientToolBox DBCOPY-command.

  6. When the copy operation has finished, configure a new Republisher Service for the target's OCSP Publisher.

  7. Make sure that the queue that built up during the copy operation is now published to the target OCSP.

  8. Run the monitoring tool (ClientToolBox OCSPMon) to verify that the new OCSP is in sync.

  9. Start the new OCSP node and add it to the pool of OCSPs in your load balancer.
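
The sketch below is an added example, not EJBCA code and not how OCSPMon is implemented. It illustrates what steps 7 and 8 guard against: a target that was copied but has not yet received the queued changes can still answer "good" for a certificate revoked during the copy. The table name, column names, status codes and fingerprints are assumptions constructed for the illustration, with in-memory SQLite standing in for the two OCSP databases.

```python
import sqlite3

# Assumed, simplified status table (not the real EJBCA schema).
SCHEMA = ("CREATE TABLE cert_status ("
          "fingerprint TEXT PRIMARY KEY, status INTEGER, revocation_date INTEGER)")
ACTIVE, REVOKED = 20, 40  # constructed status codes for this example

def make_db(rows):
    """Build an in-memory stand-in for one OCSP responder database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO cert_status VALUES (?, ?, ?)", rows)
    return conn

def load(conn):
    """Map fingerprint -> (status, revocation_date)."""
    query = "SELECT fingerprint, status, revocation_date FROM cert_status"
    return {fp: (status, rev) for fp, status, rev in conn.execute(query)}

def compare(source, target):
    """Report every difference that would make the target answer differently."""
    src, tgt = load(source), load(target)
    common = set(src) & set(tgt)
    return {
        "missing_on_target": sorted(set(src) - set(tgt)),
        "unknown_on_target": sorted(set(tgt) - set(src)),
        "status_mismatch": sorted(fp for fp in common if src[fp] != tgt[fp]),
    }

def in_sync(report):
    return not any(report.values())

# Constructed sample data. During the copy, "bb02" was revoked and "cc03" issued.
SOURCE_ROWS = [("aa01", ACTIVE, -1), ("bb02", REVOKED, 1700000000), ("cc03", ACTIVE, -1)]
# Target right after step 5: the dump predates both changes.
TARGET_AFTER_COPY = [("aa01", ACTIVE, -1), ("bb02", ACTIVE, -1)]
# Target after step 7: the accumulated queue has been published.
TARGET_AFTER_QUEUE = list(SOURCE_ROWS)

def demo():
    source = make_db(SOURCE_ROWS)
    before = compare(source, make_db(TARGET_AFTER_COPY))
    after = compare(source, make_db(TARGET_AFTER_QUEUE))
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("after copy :", before, "in sync:", in_sync(before))
    print("after queue:", after, "in sync:", in_sync(after))
```

A non-empty `status_mismatch` is the case that matters most before step 9: the new node must not join the load balancer pool while it would report a revoked certificate as valid.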