Add OCSP Locations to Issued Certificates

Applies To: Windows Server 2008 R2

The location of an Online Responder is specified as a URL in the authority information access extension in a certificate. When a certification authority (CA) issues a certificate, it adds the authority information access extension to the certificate; when a client needs to check the revocation status of a certificate, it will send the certificate status request to this URL.  

The OCSP Properties tab allows you to add Online Responder URLs to previously issued certificates that did not contain an authority information access extension. If an organization adds an Online Responder to an existing public key infrastructure (PKI), this setting allows you to use Online Certificate Status Protocol (OCSP) responses for existing certificates, eliminating the need to reissue the certificates. When you add an OCSP download location for a root or intermediate CA certificate, that location will be used to retrieve the OCSP response for all certificates issued by that particular CA.

Note

The OCSP download locations added through the OCSP Properties tab are checked before any download locations that already exist in a certificate. If you need to add a placeholder URL, use the following address: https://localhost.

Additional references