Hello
I have been doing a little reading on the above and have a couple of questions please :)
I see Microsoft OCSP has one Revocation Provider e.g. CRL, thereby it retrieves information about the currently revoked certificats from the CA by way of the CRL.
Therefore I assume if you setup an MS OCSP Server you also have to have CRL/Delta CRL distribution enabled on the CA?
If the above is correct can you remove the CRL URL from the CDP extension and just leave the OCSP in the AIA extenstion, but then configure the OCSP Server to tell it where the CRL is being published (so it can get the list it needs)?
Or do you still leave the CRL in the CDP and add the OCSP to the AIA and a client like Vista or above will try the OCSP over the CRL if sees both extensions in the certificate it is checking?
Thanks All
AAnotherUser__
AAnotherUser__