Channel: Security forum

Is there a more immediate OCSP than the Microsoft version compatible with AD CS?


Hello

I posted a question on this forum previously regarding CRL vs. OCSP. Vadims kindly answered some of the questions and made the point that the MS version of OCSP is still not immediate but rather uses an element of caching (I assume this is to take immediate strain off the OCSP and CA server/s in high-volume environments). However, I was wondering: is there an OCSP engine/server that is immediate, e.g. each time it is requested to check a certificate it goes to the CA database and reads current information for revoked certificates to get the latest information each time, and if so, is said OCSP engine/server compatible with AD CS?

I did a bit more reading on this, and from what I understand the OCSP uses what are known as 'providers', which tell it how/when to get information on revoked certificates etc. From the information I read, the MS OCSP server has one provider by default, known as the 'CRL Provider', which I believe means it uses some (possibly all) of the settings regarding CRLs to decide how long it should cache information and use it for incoming certificate validation requests. Therefore, if I am reading the information correctly, this would explain Vadims' comment in a previous post explaining that MS OCSP is a delayed service in a similar way to a standard CRL. With this in mind, rather than replacing MS OCSP with something else, is it possible to change the 'provider' MS OCSP uses to make the information it provides to requests more up to date?

Thanks all

AAnotherUser__

