hi all
i have deployed one joined stand-alone RooT CA & also a joined Enterprise Subordinate ( issuing) CA in my domain.
i want the Enterprise Subordinate CA be also online responder ( OR ) that respondes on HTTP. i have done all steps which described in Mr Brian Komar's PKI book and also Microsoft 70-640 R2 trainig kit.
( i duplicated signing ocsp Response Signing template , on Certification Authrity console , i configured AIA section, i obtained that signing certificate for my Ent CA , in OR console i configured a Revocation Configuration ,... )
but again when i select Enterprise PKI node , it displays error describing :
AIA Location #3 : unable to downlaod
OCSP location #1 Error
at this 2 location, ( AIA Location #3 and OCSP location )Console , in Revocation configuration section , in provider section , i have tried may different URL Addresses but no one worked :-(
i tried this URL Addresses : http://ServerFQDN/OCSP http://serverFQDN/Certserv
when i look at OCSP section in IIS, thats empty there in no file or folder in that. i lso copied CRL and Delta CRL from Certsrv directory to OCSP drirectory , but again didn't work and Enterprise PKI still displays Error.
which of my steps are wrong ?
for Online Responder , which of these 2 URL should i set in AIA and OR conoles :
http://ServerFQDN/OCSP http://serverFQDN/Certserv ?
( according to that OCSP directory is empty by default )
not exact help found on net or books :-(
thanks in advance