I’ve been building scripts to automate the deployment of my production PKI servers, and I ran into a snag. There doesn’t seem to be an easy way to automate OCSP like there is for NLB or DFS. I asked the AD Team, and they responded with the following. I know it isn’t much, but it’s a start for anyone out there looking into it.
I can’t seem to find an answer to this question on Google/TechNet. Are there any available PowerShell, WMI, or command-line options for configuring an OCSP responder? I know that I can install the feature with Add-WindowsFeature, but I’d like to script configuring the responder and creating the array.
Thanks for your time!
There are currently no command line tools or dedicated PowerShell cmdlets available to perform management tasks on the Online Responder. You can, however, use the COM interfaces IOCSPAdmin and IOCSPCAConfiguration to manage the revocation providers on the Online Responder.
1. Create an IOCSPAdmin object.
2. The IOCSPAdmin::OCSPCAConfigurationCollection property will return an IOCSPCAConfigurationCollection object.
3. Use IOCSPCAConfigurationCollection::CreateCAConfiguration to create a new revocation provider.
4. Make sure you call IOCSPAdmin::SetConfiguration when finished so the online responder gets updated with the new revocation configuration.
Because these are COM interfaces, you can call them from VBScript or PowerShell, so you have great flexibility in how you write your script.
Jonathan Stephens, MCITP-EA
Customer Service and Support
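The four steps from the reply above, written out in PowerShell as an added example (not code from the original post or from the AD team). It goes slightly beyond the reply by loading the current configuration first and by setting the properties a revocation configuration needs to be usable. The server names, file path, CRL URL, template name, flag combination and provider CLSID are assumptions or placeholders; compare them against a revocation configuration created in the Online Responder console before relying on them.

```powershell
# Added example. Run elevated on the Online Responder host.
# Every value in this first section is a placeholder, not taken from the original post.
$responder  = $env:COMPUTERNAME
$caCertPath = 'C:\PKI\ExampleIssuingCA.cer'                 # exported CA certificate
$caConfig   = 'ca01.example.test\Example Issuing CA'        # CAHost\CA common name
$crlUrls    = @('http://pki.example.test/crl/ExampleIssuingCA.crl')
$template   = 'OCSPResponseSigning'                         # OCSP signing template name

# SigningFlags bit values as defined in certadm.h (OCSP_SF_*).
$sf = @{ Silent = 0x001; AllowAutoRenewal = 0x004; ForceIssuerIsCA = 0x008
         AutoDiscover = 0x010; AllowAutoEnrollment = 0x200 }

$caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caCertPath

# Step 1: create the IOCSPAdmin object, then load what the responder already has
# so existing revocation configurations are preserved when we write back.
$admin = New-Object -ComObject 'CertAdm.OCSPAdmin'
$admin.GetConfiguration($responder, $true)

# Steps 2 and 3: get the collection and create a new revocation configuration.
$configs = $admin.OCSPCAConfigurationCollection
$rc = $configs.CreateCAConfiguration('Example Issuing CA', $caCert.RawData)

# Sign responses with a dedicated, auto-enrolled OCSP signing certificate issued
# by the CA itself, rather than with the CA key (assumed flag combination).
$rc.HashAlgorithm              = 'SHA256'
$rc.CAConfig                   = $caConfig
$rc.SigningCertificateTemplate = $template
$rc.SigningFlags = $sf.Silent -bor $sf.AllowAutoRenewal -bor $sf.ForceIssuerIsCA -bor
                   $sf.AutoDiscover -bor $sf.AllowAutoEnrollment

# Revocation provider: the built-in CRL-based provider and its base CRL location.
# CLSID and property name are assumptions to confirm on a GUI-configured responder.
$props = New-Object -ComObject 'CertAdm.OCSPPropertyCollection'
[void]$props.CreateProperty('BaseCrlUrls', $crlUrls)
$rc.ProviderCLSID      = '{4956d17f-88fd-4198-b287-1e6e65883b19}'
$rc.ProviderProperties = $props.GetAllProperties()

# Step 4: push the updated configuration to the Online Responder.
$admin.SetConfiguration($responder, $true)

# Read the configuration back and list what the responder now holds.
$admin.GetConfiguration($responder, $true)
$admin.OCSPCAConfigurationCollection |
    Select-Object Identifier, HashAlgorithm, SigningFlags, ErrorCode
```

To build an array, the same script can be run against each member by changing $responder, provided the calling account has management rights on every Online Responder.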