certutil -vocsproot
certutil -vocsproot delete
2. Configure Certificate Template
– Open Server Manager -> Expand Roles, Active Directory Certificate Services -> Right-click the name of your CA -> click Properties
– Click the Extensions tab -> In the Select extension list, click Authority Information Access (AIA)
– Click Add -> In the Location box, type http:///ocsp (Note: ServerDNSName is the hostname of the Online Responder server) -> click OK
– While clicking the new location entered -> Select the ‘Include in the online certificate status protocol (OCSP) extension’ check box -> click OK -> then click Yes to restart AD CS
– After restart -> Expand the CA name -> Right-click Certificate Templates -> click New, Certificate Templates to Issue
– In the Enable Certificate Templates dialog box -> Select the duplicate OCSP Response Signing template we earlier created -> click OK
– In the Certificate Templates console -> Verify that the duplicate certificate template appear in the list
Next: In the next post, I will cover the following: Configure Certificate Autoenrollment using group policy; add the Revocation Configuration to the OCSP Responder; and Verify the AD CS setup – Click Here