Checklist: Enhance Certificate Revocation Checking in Diverse Environments by Setting Up an Online Responder Array

Applies To: Windows Server 2008 R2

Unlike certificate revocation lists (CRLs), which are distributed periodically, contain information about all certificates that have been revoked or suspended, and can become quite large, an Online Responder responds to client requests for information about the status of individual certificates. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be, which makes it easier to provide current status information to large numbers of clients when it might take an unacceptable amount of time for clients to download a CRL. Setting up multiple linked Online Responders in an Array can provide flexibility and scalability to revocation checking in diverse network environments.

| Task | Reference |
| --- | --- |
| Set up additional subordinate certification authorities (CAs). | Install a Subordinate Certification Authority |
| Install and configure certificate templates. | Managing Certificate Templates (https://go.microsoft.com/fwlink/?LinkId=142230) |
| Configure the issuing CA to issue Online Certificate Status Protocol (OCSP) Response Signing certificates. | Configure a CA to Support OCSP Responders |
| Install and configure the Online Responder. | Set Up an Online Responder |
| Create a revocation configuration for the Online Responder. | Creating a Revocation Configuration |
| Create an Online Responder Array. | Managing an Online Responder Array (https://go.microsoft.com/fwlink/?LinkId=142234) |