Online Certificate Status Protocol
Online Certificate Status Protocol, or OCSP for short, lets you obtain the revocation status of a certificate. It has some benefits over certificate revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the answer. To use OCSP in your landscape, you will have to install and configure an OCSP responder. I did this for my sandbox SMP3 system. Here are the links that contain the information on how to set up your own OCSP responder on your Microsoft CA server.
My walkthrough
- OCSP part 1 – Install an Online Responder
- OCSP part 2 – Create a Revocation Configuration
- OCSP part 3 – Add read permission to Network Service
- OCSP part 4 – Configure CA to support OCSP Responders
- OCSP part 5 – Further configuration steps
- OCSP part 6 – Test OCSP service
Hope you find the links useful.
Additional OCSP information
Here are some more links that I consulted when setting up my OCSP responder. All are from Microsoft and cover OCSP on a Microsoft server and CA.
About
Implementing OCSP responder part 1 – introducing OCSP
OCSP installation and configuration
Designing and implementing a PKI part 2
Designing and implementing a PKI part 3
Designing and implementing a PKI part 4
Designing and implementing a PKI part 5
Windows Server
Online Responder Installation, Configuration, and Troubleshooting Guide