OCSP missing in IIS 8.5

  • Question

  • Hi Guys,

    I am building a new CA infrastructure, on 2012 R2, but I'm having a little trouble configuring my OCSP server.

    The server has IIS installed already, and is hosting the CDPs, I installed the Online Responder role, configured it etc...

    The issue I have is that there is no OCSP virtual directory in IIS, everywhere I look says it should be created automatically when I install the Online Responder role, and I can't find any guides for how to configure it manually.

    Eventually I plan to move OCSP onto a highly available shared IIS farm, but I just wanted to get it working on a standalone server first.

    All CAs and the IIS server are 2012 R2.

    Thanks,

    Joel

    • Moved by Amy Wang_ Tuesday, October 28, 2014 8:23 AM CA related from DS forum
    Tuesday, October 28, 2014 6:52 AM

Answers

  • There should be an application under default web site. You can restore it by running the following command on IIS server:

    certutil -vocsproot


    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.

    • Proposed as answer by Vadims Podans (MVP) Tuesday, October 28, 2014 9:26 AM
    • Marked as answer by joele89 Tuesday, October 28, 2014 10:10 PM
    Tuesday, October 28, 2014 9:26 AM
  • OCSP is not a virtual directory, it is an ISAPI extension. If you run pkiview.msc on the server you should be able to iterate your PKI and see if the OCSP is properly defined and working correctly.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

    • Marked as answer by Amy Wang_ Tuesday, November 11, 2014 9:49 AM
    Tuesday, October 28, 2014 9:07 AM
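
A check-and-restore sequence for the two answers above, as an added example that is not part of the original thread or any poster's own script. It assumes the default names `ocsp` for the IIS application and `OcspSvc` for the Online Responder service, and an elevated PowerShell session on the IIS server.

```powershell
# Added example: verify the OCSP web application and restore it if it is missing.
Import-Module ServerManager
Import-Module WebAdministration

$site = 'Default Web Site'   # site named in the answer above
$app  = 'ocsp'               # assumption: default application name created by the role

# 1. The Online Responder role service has to be installed before IIS can host it.
$feature = Get-WindowsFeature -Name ADCS-Online-Cert
if (-not $feature.Installed) {
    throw 'Online Responder role service (ADCS-Online-Cert) is not installed.'
}

# 2. Look for the application; recreate it with the command from the answer if absent.
if (-not (Get-WebApplication -Site $site -Name $app)) {
    Write-Warning "No '$app' application under '$site'; running certutil -vocsproot"
    certutil -vocsproot
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -vocsproot failed with exit code $LASTEXITCODE"
    }
}

# 3. Confirm the result instead of trusting the exit code alone.
$webApp = Get-WebApplication -Site $site -Name $app
if (-not $webApp) {
    throw "'$app' is still missing under '$site'."
}

# 4. Summarise what IIS and the responder service report.
[pscustomobject]@{
    Application      = "$site/$app"
    AppPool          = $webApp.applicationPool
    PhysicalPath     = $webApp.PhysicalPath
    PoolState        = (Get-WebAppPoolState -Name $webApp.applicationPool).Value
    ResponderService = (Get-Service -Name OcspSvc).Status   # assumption: default service name
}
```

A stopped application pool or responder service in the summary means the application exists but revocation checks will still fail, which pkiview.msc would also show as an error on the OCSP location.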

All replies

  • Thanks Vadims, That worked perfectly.

    Any recommendations in relation to hosting on a shared IIS Farm (With Shared Config)?

    Tuesday, October 28, 2014 11:26 PM
  • Hi,

    Regarding IIS related issue, I suggest you refer to experts from IIS forum below:

    http://forums.iis.net/

    Best Regards,

    Amy

    Tuesday, November 11, 2014 9:50 AM
  • Have you got hosting on a shared IIS Farm (With Shared Config)?

    Thanks,

    Eva Janakieff

    Wednesday, June 22, 2016 12:22 PM