- Implementing an OCSP responder: Part I - Introducing OCSP
The OCSP Responder then can parse the CRL to determine the revocation status, and send the appropriate response to the client. OCSP Components: OCSP Client: The OCSP Client is a component that generates OCSP requests based on information stored in the AIA extension of the certificate it is validating
- Implementing an OCSP responder: Part III - Configuring OCSP for use . . .
This allows the OCSP responder to use any certificate that the OCSP Signing configured in the Extended Key Usage extension of the certificate. Vista clients will only accept OCSP responses that are signed by the same CA for which the OCSP Responder is providing revocation information
- Implementing an OCSP Responder: Part V High Availability
When configuring an OCSP Responder in a Load Balanced Configuration you will need to specify the name of the Load Balancer. Below is a diagram of the OCSP Infrastructure that I will walk through implementing in this blog posting. Notice that the names of the two OCSP Responders are FCOCSP01.FourthCoffee.com and FCOCSP02.FourthCoffee.com
- Implementing an OCSP responder: Part IV - Configuring OCSP for use with . . .
6. Verify the certificate. Key things to look for here are the presence of the OCSP No Revocation Checking extension and that OCSP Signing is specified in the Enhanced Key Usage (EKU) extension. Exporting the Certificate from the CA: 1. First select Copy to File from the Details tab of the Certificate Properties
- Implementing an OCSP responder: Part II - Preparing Certificate . . .
Preparing Windows Server 2003 Standalone CA for use with OCSP Responder: OCSP Signing Certificates. In order to be able to deploy the OCSP Signing Certificate used by the OCSP Responder, there are some configuration changes that need to be made on a Windows Server 2003 CA. A signing certificate includes the id-pkix-ocsp-nocheck extension
- Microsoft PKI OCSP Responder Now JITC Certified and Lab Setup Guide
OCSP is a lightweight HTTP protocol that can potentially be faster and more efficient than downloading a traditional CRL. An OCSP responder can be configured to download CRLs and provide digitally signed real time certificate revocation status responses to clients based on a given certificate authority’s CRL
- Implementing an OCSP Responder: Part VI Configuring Custom OCSP URIs . . .
The option to add the OCSP URI via group policy adds additional flexibility when using the OCSP Client included in Windows Vista. This feature will also be extremely helpful to customers that do have isolated networks as well as those customers that want OCSP support and are not ready to renew their CA hierarchy
- Step by Step: 2-Tier PKI Lab | Microsoft Community Hub
Online Responders (OCSP): As mentioned, an Online Responder can be configured to answer revocation status queries more efficiently than CRLs, especially useful if your CRLs grow large or you have high-volume certificate validation (VPNs, etc.). AD CS’s Online Responder role service can be installed on a member server and configured with the