Currently I have configured a CA cluster (2012R2) and an OCSP cluster with NLB.
For external OCSP requests we are using TMG.
This scenario with TMG has not turned out to be satisfactory, and we only have one TMG, so there is also a single point of failure.
I would like to build an OCSP cluster without TMG in the DMZ, but I'm wondering what would be the best way to deploy the OCSP certificate.
Using static DCOM ports?
Using a script to renew the certificate and copy it to the OCSP server?
Or just not renewing the certificate?