Install the Online Responder service
The Online Responder is a role service of Active Directory Certificate Services that makes certificate revocation checking data accessible to clients. On the subordinate CA server, use Server Manager to add the service.
This is a follow-on guide to my previous post, Guide - User and Computer Auto-Enrollment Configuration.
Select Online Responder and click Next
Accept the default selection and click Add Features
Accept the default selection and click Next
Click Install
Once the install has completed, click Configure Active Directory Certificate Services on the destination server
Click Next
Select Online Responder and click Next
Click Configure
Click Close
Use the Certification Authority MMC snap-in to update the CA properties. Click the Extensions tab and add a new AIA distribution location: http://CS02.domain.local/ocsp.
Click OK and Yes to restart when prompted.
Configure the OCSP Response Signing certificate template and enable Authenticated Users.
Duplicate the existing template
Select the General tab and enter the required Template display name
On the Security tab ensure that Authenticated Users have the Enroll permission.
Publish the new Certificate Template
Select your template and click OK
Open the Online Responder Management MMC
Right click and Add Revocation Configuration
Click Next
Enter the required name and click Next
Ensure that Select a certificate for an Existing enterprise CA is selected and click Next
Click Browse for a CA published in Active Directory
Select the CA
Select the Certificate template you published earlier and click Next
View the provider Properties to ensure they are configured correctly and click OK
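The role installation and AIA extension steps above can also be scripted, followed by a check that a newly issued certificate resolves against the responder. This PowerShell is an added example, not part of the original post; the certificate template and revocation configuration steps still use the GUI as described. It assumes an elevated session on the subordinate CA, and `C:\Temp\test.cer` is a hypothetical path to a certificate issued after the CA service restart.

```powershell
# Added example (not from the original post). Run elevated on the subordinate CA.
$OcspUrl  = 'http://CS02.domain.local/ocsp'   # URL from the Extensions tab step above
$TestCert = 'C:\Temp\test.cer'                # hypothetical path, issued AFTER the restart

# Equivalent of "Select Online Responder ... Click Install" in Server Manager.
$feature = Install-WindowsFeature -Name ADCS-Online-Cert -IncludeManagementTools
if (-not $feature.Success) {
    throw 'The Online Responder role service failed to install.'
}

# Equivalent of "Configure Active Directory Certificate Services ... Click Configure".
Install-AdcsOnlineResponder -Force

# Equivalent of the Extensions tab step: publish the OCSP URL in the AIA
# extension of newly issued certificates, only if it is not already listed.
$existing = Get-CAAuthorityInformationAccess |
    Where-Object { $_.AddToCertificateOcsp -and $_.Uri -eq $OcspUrl }
if (-not $existing) {
    Add-CAAuthorityInformationAccess -Uri $OcspUrl -AddToCertificateOcsp -Force
    Restart-Service -Name CertSvc   # same restart the GUI prompts for
}

# Show what the CA will now stamp into the AIA extension.
Get-CAAuthorityInformationAccess | Format-Table Uri, AddToCertificateAia, AddToCertificateOcsp

# Check: certificates issued before the change do not carry the OCSP URL,
# so test with one issued after the restart and after the revocation
# configuration has been added in the Online Responder Management MMC.
if (Test-Path -Path $TestCert) {
    $result   = certutil.exe -verify -urlfetch $TestCert
    $exitCode = $LASTEXITCODE
    $result | Select-String -Pattern 'OCSP'      # lines describing the OCSP fetch
    if ($exitCode -ne 0) {
        Write-Warning "certutil reported a verification failure (exit code $exitCode)."
    }
} else {
    Write-Warning "No test certificate found at $TestCert; skipping the revocation check."
}
```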