Before integrating the Utimaco CryptoServer with Microsoft Windows Server Online Certificate Status Protocol Service (OCSP), first complete the Utimaco CSP/CNG Installation.
It is strongly recommended to use the external key storage for OCSP if using HSMs in cluster mode. Therefore, the servers which serve OCSP should be separated from the certificate authorities.
You can install OCSP if you are already running an enterprise certificate authority.
The following steps are necessary to install OCSP in general:
-
Prepare certificate template for OCSP signing
-
CA Configuration
-
Install and configure online responder
-
Make a revocation configuration
-
Test the online responder