In this installment of PKI for network engineers, we’re going to install an online responder. the Online responder implements a lightweight version of OCSP or Online Certificate Status Protocol. it’s an HTTP based method for entities to check the whether a certificate has been revoked or not. This is an alternative to the Certificate Revocation List (CRL) which is a file that contains a list of all revoked certificates, and can grow quite large over time.
In addition to demonstrating the setup and configuration of the Online Responder, I also demonstrate a handy PKI verification utility called pkiview.
Using pkiview, I review and discuss a couple of mistakes I made in the AIA extensions of My CAs.
If you would like to know more about the Microsoft Online Responder and pkiview, Click the links at the bottom of this post.
Thanks for stopping by, and I look forward to posting the next installment of our awesome lab PKI build.