Just stood up a new Windows 2012 R2 Two-Tier PKI with HTTP-only CRL locations. Working nicely. I have Offline Root, Issuing CA and then two separate web servers that are hosting the HTTP location. I now want to include OCSP into this. Can I just install
the OCSP feature on the two web servers, since it seems like the OCSP reads the location of the CRL distribution point anyway. Or do I need to install it on the Issuing CA itself?
MCITP Exchange 2010 | MCITP Lync Server 2010 | MCTS Windows 2008