Hi, do I understand correctly that the OCSP service offered in WinSrv2008R2 only works with a revocation provider based on a CA's CRLs, i.e. it is not directly querying the CA database? So, for a 3rd party authentication service - RADIUS in this case, there would not be a big difference between utilizing OCSP versus retrieving and possibly cashing CRLs itself, right? Thanks - Stef

> do I understand correctly that the OCSP service offered in WinSrv2008R2 only works with a revocation provider based on a CA's CRLs, i.e. it is not directly querying the CA database? yes, this is correct. > So, for a 3rd party authentication service - RADIUS in this case, there would not be a big difference between utilizing OCSP versus retrieving and possibly cashing CRLs itself, right? again, yes.http://en-us.sysadmins.lv