Information Technology Reference
In-Depth Information
9. Next, you must inform the CA of the online responder's location. Right-click the CA server
node and click
Properties
.
10. Click the
Extensions
tab. Click the
Select extension
list arrow (see Figure 11-15), and then
click
Authority Information Access (AIA)
.
11
Figure 11-15
The Extensions tab
11. In the “Specify locations from which users can obtain the certificate for this CA” list box,
click the entry starting with
http
. Click the
Include in the online certificate status protocol
(OCSP) extension
check box, and then click
OK
.
12. When you're prompted to restart Active Directory Certificate Services, click
Yes
.
13. Now the OR server (Server1XX, in this case) must enroll in the signing certificate you con-
figured earlier in this activity. You can do this by restarting the server or requesting it man-
ually. The next activity goes through the steps to request the certificate manually so that the
server doesn't have to be restarted. Stay logged on for the next activity.
Activity 11-8: Requesting the OCSP Response Signing Certificate
Time Required:
10 minutes
Objective:
Request the OCSP Response Signing certificate.
Description:
To avoid restarting the OR server, you request the OCSP Response Signing certifi-
cate in the Certificates snap-in.
1. Log on to
Server1XX
as Administrator and open Server Manager, if necessary.
2. Click
Start
, type
MMC
in the Start Search text box, and press
Enter
. Click
File
,
Add/Remove
Snap-in
from the MMC menu.
Search WWH ::
Custom Search