OCSP Scripting

I’ve been building scripts to automate the deployment of my production PKI servers, and I ran into a snag. There doesn’t seem to be an easy way to automate OCSP like there is NLB or DFS. I asked the AD Team, and they responded with the following. I know it isn’t much, but it’s a start for anyone out there looking into it.


ADS Team,
I can’t seem to find an answer to this question on google\technet. Are there any available Powershell, WMI, or command-line options for configuring an OCSP responder? I know that I can install the feature with the Add-WindowsFeature, but I’d like to script configuring the responder and creating the array.
Thanks for your time!

John Puskar


There are currently no command line tools or dedicated PowerShell cmdlets available to perform management tasks on the Online Responder. You can, however, use the COM interfaces IOCSPAdmin and IOSCPCAConfiguration to manage the revocation providers on the Online Responder.
1. Create an IOSCPAdmin object.
2. The IOSCPAdmin::OCSPCAConfigurationCollection property will return an IOCSPCAConfigurationCollection object.
3. Use IOCSPCAConfigurationCollection::CreateCAConfiguration to create a new revocation provider.
4. Make sure you call IOCSPAdmin::SetConfiguration when finished so the online responder gets updated with the new revocation configuration.

Because these are COM interfaces, you can call them from VBScript or PowerShell, so you have great flexibility in how you write your script.

Kind regards,
Jonathan Stephens, MCITP-EA
Customer Service and Support
Microsoft Corporation


4 thoughts on “OCSP Scripting

  1. Pingback: Table of Contents | windowsmasher

  2. Pingback: OCSP powershell script | Wim Beck

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s