http://blogs.technet.com/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspxChris here again. For those Security Architects and PKI implementers, you may have known that since Windows Server 2008 we have an Online Certificate Status Protocol (OCSP) responder, and since Windows Vista we have an OCSP client that is integrated withen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspx#3258409Thu, 25 Jun 2009 00:50:26 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3258409Mkline<p>Good entry Chris!</p> <p>This is going to be a very good series. &nbsp;Especially for those of us in the federal space as smart cards are mandatory with the CAC rollout in DoD and HSPD-12 for other agencies.</p> <p>It would be nice to move from CRLs to OCSP. (I'm not saying CRLs will be eliminated anytime soon)</p> <p>It would be brutal interviewing with you...that would be a hard core PKI interview :)</p> <p>Thanks</p> <p>Mike</p> http://blogs.technet.com/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspx#3261519Mon, 06 Jul 2009 16:41:23 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3261519robbonfiglio<p>We are currently using Tumbleweed for CAC authentication, and were told from someone w/in Microsoft that we could take advantage of the OCSP Online Responder. &nbsp;Any tips, or documentation on how to set this up? &nbsp;We are not using our own CA here. &nbsp;All certificates come from the DOD CA's.</p> http://blogs.technet.com/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspx#3263460Mon, 13 Jul 2009 18:47:34 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3263460NedPyle<p>Hi robbonfiglio,</p> <p>We're not permitted to discuss US DOD PKI implementations here in the blog. Please open a regular USNAT support case with us (through your TAM, if you prefer) so we can discuss this offline.</p> <p>Thanks,</p> <p>Ned</p>