locked
OCSP client access RRS feed

  • Question

  • So Windows 2008 has built in support for ocsp checking for client applications running on that Windows 2008 server.  .Net framework provides the ability to validate certificates and certificate chains in more ways than one.  For example, you can set the x509Chain.ChainPolicy properties for a given cert for CRL checking.  There's also the option of setting the checkCertificateRevocationList property of the servicePointManager.  These settings seem to work great against the Windows cryptoAPI, which manages the caching and updating of CRLs.

    So is there anything different one has to do within .Net at an application level to take advantage of the native ocsp client support built into Windows 2008? Or, will these methods described above be used to also enforce ocsp checking (assuming your application is running on Windows 2008 or Vista)?

    Thanks,
    CJF
    Tuesday, December 9, 2008 10:30 PM

All replies

  • I have exactly the same question and i havent found answe yet. Anyone?

    My question is - how to configure OCSP client on windows server 2008 to do certificate validation against external third party OCSP responder?

    I have found 0 information still :(

    Thanks,
    Taavi
    Taavik
    • Proposed as answer by danielparker Tuesday, December 15, 2009 8:00 PM
    Wednesday, June 10, 2009 12:04 PM
  • You can do this by going to the properties of the certificate (on the server in question) and clicking Edit Properties and selecting the OCSP tab.
    • Proposed as answer by danielparker Tuesday, December 15, 2009 8:00 PM
    Tuesday, December 15, 2009 8:00 PM