MSFT OCSP Responder + New DoD Configs!


Hello All, wanted to jump in with a quick post on updating the Microsoft OCSP revocation providers for some new DoD certificate authorities that have been commissioned.  This is based on my post a while back on setting up our OCSP responder with DoD configurations here.  There are roughly about 20 or so new revocation configurations that we can add so that the Windows Server OCSP responder can provide revocation status checking for these CAs.  I've updated the function calls in the TechNet gallery to accommodate for the new CAs:

I've also commented out the expired CAs, and added line 25 where you can set the crl fetch intervals to your specifications; as an example I set it to 24 hours here:

The function is available at the TechNet script center!

https://gallery.technet.microsoft.com/scriptcenter/Server-2008-R2-and-Server-30a916cb

Cheers!

Jesse Esquivel

Comments (0)

Skip to main content