The Online Certificate Status Protocol, or OCSP for short, lets you obtain the revocation status of a certificate. It has some benefits over certificate revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate, and that the client gets some additional security when accepting the answer. To use OCSP in your landscape, you will have to install and configure an OCSP responder. I did this for my sandbox SMP3 system. Here are the links that contain the information on how to set up your own OCSP responder on your Microsoft CA server.
- OCSP part 1 – Install an Online Responder
- OCSP part 2 – Create a Revocation Configuration
- OCSP part 3 – Add read permission to Network Service
- OCSP part 4 – Configure CA to support OCSP Responders
- OCSP part 5 – Further configuration steps
- OCSP part 6 – Test OCSP service
Hope you find the links useful.
Additional OCSP information
Here are some more links that I consulted when setting up my OCSP responder. All are from Microsoft and cover OCSP on a Microsoft server and CA.