I have a 2 tier CA deployment an offline stand alone Win2008R2 Standard, and an online Win2008 R2 Ent issuing CA, both have OCSP locations defined in the AIA extension and the online enterprise CA reports back OK for all locations, I only have the local, file, and http locations defined in CRL and local, http, and ocsp defined in AIA. This is the same for both CA's no ldap location and I have no AIA crt location defined for the root CA. I'm getting an error when Enterprise PKI verifies the OCSP location on the root CA, but I can save a certificate issued by the CA and use certutil -url and all locations come back verified. I also manually entered the crl location for the root CA in providers when setting up the OCSP revocation location. I am wondering if this might be due to there being no crt location in the root other than on the local drive and not defined in an http location in AIA extensions. Any help would be greatly appreciated.

Hello, i suggest to ask this in the security forum instead this one: http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, If I understand correctly, you get an error when open the Enterprise PKI console on the root CA. Please copy the URL of the OCSP location and paste it in the Internet Explorer to check if it is accessible. Meanwhile, you can refer to the following article and verify the configuration: Online Responder Installation, Configuration, and Troubleshooting Guide http://technet.microsoft.com/en-us/library/cc770413(WS.10).aspx This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, How are you? Any update on the issue? Please do not hesitate to respond back, if you need further asssitance. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.