Dear All,
I have configured a Windows Server 2012 R2 Standard server to run a Certificate Authority and a Online Responder to use OCSP to check on the validity of the issued certificates (a ClearPass appliance is being used to check the certificates). From what I can see, the Online Responder is working and giving OCSP responses that the appliance is interpreting correctly when the certificate is valid, but if I revoke a certificate, OCSP persists in giving them the OK. To troubleshoot this I would like to see event logs of the operation of the Online Responder including each of the responses it gives and why.
My questions are:
1) How do I enable the Online Responder logs?
2) Once enabled, where can I find these logs in Event Viewer? And if they are in an existing Event Log, which IDs do I use to filter them?
3) Is there a cache, time-out, or similar process which is delaying the Online Responder noticing the revoked certificates?
Hoping to hear from you soon.
Yours,
FD