An Online Responder can make revocation information available from multiple certification authorities (CAs) and multiple CA certificates. However, each CA and CA certificate served by an Online Responder requires a separate revocation configuration.
A revocation configuration includes all of the settings that are needed to respond to status requests regarding certificates that have been issued by using a specific CA key. These configuration settings include the following:
- CA certificate. This certificate can be located in Active Directory Domain Services (AD DS), in the local certificate store, or imported from a file.
- Signing certificate for the Online Responder. This signing certificate can be selected automatically for you, selected manually (which involves a separate import step after you add the revocation configuration), or you can use the selected CA certificate to also serve as the signing
- Revocation provider. The revocation provider will provide the revocation data used by this configuration. For a Windows Server 2008 R2 or Windows Server 2008 provider, this information is entered as one or more URLs where valid base CRLs and delta CRLs can be obtained.
Before you begin to add a new revocation configuration, make sure you have the information in the preceding list available.
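An added example (not part of the original page and not Microsoft tooling): before entering base and delta CRL URLs for the revocation provider, a file downloaded from each URL can be checked for its type and freshness. The code reads thisUpdate, nextUpdate and the delta CRL indicator from a DER-encoded CRL; the sample CRLs, the name "Example CA" and all function names are constructed for illustration, and the CRL signature is not verified.

```python
from datetime import datetime, timezone

DELTA_CRL_INDICATOR = bytes.fromhex("551d1b")    # OID 2.5.29.27 (RFC 5280)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def crl_status(der, now):
    """Report CRL type and whether 'now' lies within thisUpdate..nextUpdate."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}   # UTCTime / GeneralizedTime
    times = [datetime.strptime(v.decode(), fmt[t]).replace(tzinfo=timezone.utc)
             for t, v in tbs if t in fmt]
    exts = [e for t, v in tbs if t == 0xA0 for _, e in children(children(v)[0][1])]
    delta = any(children(e)[0][1] == DELTA_CRL_INDICATOR for e in exts)
    next_update = times[1] if len(times) > 1 else None
    fresh = times[0] <= now and (next_update is None or now < next_update)
    return {"type": "delta" if delta else "base", "next_update": next_update, "valid": fresh}

def tlv(tag, body):          # encoder for the constructed samples only (< 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_crl(this_update, next_update, delta):
    """Build a constructed, unsigned CRL with a dummy signature field."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example CA"))))
    ext = tlv(0x30, tlv(0x06, DELTA_CRL_INDICATOR) + tlv(0x01, b"\xff") + tlv(0x04, tlv(0x02, b"\x01")))
    tbs = (tlv(0x02, b"\x01") + alg + name + tlv(0x17, this_update) + tlv(0x17, next_update)
           + (tlv(0xA0, tlv(0x30, ext)) if delta else b""))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00\x00"))

BASE = sample_crl(b"250101000000Z", b"250108000000Z", delta=False)   # constructed sample
DELTA = sample_crl(b"250107000000Z", b"250108000000Z", delta=True)   # constructed sample
```

For a real check, pass the bytes of a downloaded DER-encoded `.crl` file and `datetime.now(timezone.utc)` to `crl_status`; a result with `valid` set to `False` means the published CRL is not yet valid or is past its nextUpdate.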
You must have Manage Online Responder permissions on all of the Online Responders in the Array to complete this procedure. For more information about administering a public key infrastructure, see Implement Role-Based Administration.
To add a revocation configuration to an Online Responder

1. Open the Online Responder snap-in.
2. In the console tree, click Revocation Configuration. A list of existing revocation configurations appears in the details pane.
3. In the Actions pane, click Add Revocation Configuration to start the Add Revocation Configuration Wizard.
4. Provide the information requested in the wizard.
5. When all the information has been entered, click Finish, and then click Yes to complete the setup process.
You can modify the properties of an existing revocation configuration, view its CA certificate, or delete the revocation configuration, by selecting the revocation configuration and clicking Edit Properties in the Actions pane.
The following properties of a revocation configuration can be modified:
- Local CRL. For more information, see Revocation Data by Using Local CRLs.
- Revocation provider. For more information, see Revocation Provider
- Signing. For more information, see