Checklist: Enhance Certificate Revocation Checking in Diverse Environments by Setting Up an Online Responder Array
Applies To: Windows Server 2008, Windows Server 2012
Unlike certificate revocation lists (CRLs), which are distributed periodically, contain information about all certificates that have been revoked or suspended, and can become quite large, an Online Responder responds to client requests for information about the status of individual certificates. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be, which makes it easier to provide current status information to large numbers of clients when it might take an unacceptable amount of time for clients to download a CRL. Setting up multiple linked Online Responders in an Array can provide flexibility and scalability to revocation checking in diverse network environments.
Task | Reference |
---|---|
Set up additional subordinate certification authorities (CAs). | |
Install and configure certificate templates. | |
Configure the issuing CA to issue Online Certificate Status Protocol (OCSP) Response Signing certificates. | |
Install and configure the Online Responder. | |
Create a revocation configuration for the Online Responder. | |
Create an Online Responder Array. | |