Install and configure CA Online Responder – AD CS Part2

certutil -vocsproot

certutil -vocsproot delete

2. Configure Certificate Template

– Open Server Manager -> Expand Roles, Active Directory Certificate Services -> Right-click the name of your CA -> click Properties

– Click the Extensions tab -> In the Select extension list, click Authority Information Access (AIA)

– Click Add -> In the Location box, type http:///ocsp (Note:  ServerDNSName is the hostname of the Online Responder server) -> click OK

– While clicking the new location entered -> Select the ‘Include in the online certificate status protocol (OCSP) extension’ check box -> click OK -> then click Yes to restart AD CS

– After restart -> Expand the CA name -> Right-click Certificate Templates -> click New, Certificate Templates to Issue

– In the Enable Certificate Templates dialog box -> Select the duplicate OCSP Response Signing template we earlier created -> click OK

– In the Certificate Templates console -> Verify that the duplicate certificate template appear in the list

Next: In the next post, I will cover the following: Configure Certificate Autoenrollment using group policy; add the Revocation Configuration to the OCSP Responder; and Verify the AD CS setup – Click Here

 Share!

 
comments powered by Disqus