Breadcrumbs

CA Configuration

Some more steps are necessary to use OCSP with a CA. Perform the next steps on the CA server.

  1. Open the command prompt and run the certsrv.msc command.

  2. Right-click Certificate Authority Name and select Properties.

image-20250805-111735.png


"Extensions Tab" Window

  1. Change to the Extensions tab and select Authority Information Access (AIA). Add the URL of the OCSP service. Typically, this is the FQDN of the OCSP server with the path OCSP, e.g., http://FQDN-OF-SERVER/ocsp. Click OK. After adding, select the URL previously entered, select Include in the online certificate status protocol (OCSP) extension. Click Apply and then click OK.

  2. You will receive a pop-up window to restart the AD CS, for the changes to take effect. Click Yes and click OK.