Windows OCSP

vaibhav 0 Reputation points
2023-07-14T04:47:02.62+00:00

Is it possible to integrate Windows Online Certificate Status Protocol (OCSP) with an external Certificate Authority (CA) that is not the Windows CA software?

Windows for business | Windows Server | User experience | Other

2 answers

  1. Limitless Technology 44,766 Reputation points
    2023-07-14T17:53:25.46+00:00

    Hello there,

    Yes, it is possible to integrate the Windows Online Certificate Status Protocol (OCSP) with an external Certificate Authority (CA) that is not the Windows CA software.

    Here are the general steps to integrate an external CA with Windows OCSP:

    Obtain the OCSP responder software: You need to obtain an OCSP responder software that is compatible with your external CA. There are various third-party OCSP responder software options available in the market.

    Install and configure the OCSP responder: Install the OCSP responder software on a server that will act as the OCSP responder. Follow the instructions provided by the software vendor to configure the OCSP responder properly. This typically involves configuring the responder settings, connecting to the external CA, and setting up the appropriate certificates and signing keys.

    Generate the OCSP signing certificate: You need to generate an OCSP signing certificate from your external CA. This certificate will be used by the OCSP responder to sign OCSP responses. The exact process for generating the OCSP signing certificate will depend on the external CA software you are using. Refer to the documentation of your external CA for guidance on generating the OCSP signing certificate.

    Configure the OCSP responder in Windows: On the Windows server where you want to integrate the OCSP responder, open the Certificate Services MMC snap-in. Go to the "OCSP Response Signing" template, and issue a certificate based on the OCSP signing certificate generated in the previous step. This certificate will be used by the OCSP client to validate OCSP responses.

    Configure OCSP clients: On the client machines that will be verifying the status of certificates using OCSP, you need to configure the OCSP client settings. This involves specifying the URL of the external OCSP responder and configuring the trusted OCSP responder certificates.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--


  2. vaibhav 0 Reputation points
    2024-02-06T07:25:24.7833333+00:00

    Thanks for your response. What I want is this: I have an external CA running on a Linux machine and want to use the Windows OCSP responder, and the OCSP private and public keys are stored in the HSM.
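
The "Generate the OCSP signing certificate" step from the first answer, for a CA on Linux as in the follow-up, shown as an added example that is not part of either post. It assumes OpenSSL stands in for the external CA and uses file-based throwaway keys instead of an HSM; `make_demo_pki` and `check_responder_cert` are hypothetical helper names. The check confirms what a relying party needs from a delegated responder certificate: it is issued by the CA it answers for and carries the OCSPSigning extended key usage.

```shell
# Added example: OpenSSL stands in for the external CA; names and keys are throwaway
# demo values. With an HSM, the key stays in the HSM and only the CSR reaches the CA.
set -eu
make_demo_pki() {   # $1 = empty working directory
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example External CA
[v3_ca]
basicConstraints = critical, CA:TRUE
[ocsp_signer]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = OCSPSigning
noCheck = ignored
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for n in ocsp plain; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/CN=Example $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    # Delegated responder certificate: same issuing CA, OCSPSigning EKU, noCheck.
    openssl x509 -req -in "$d/ocsp.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -days 14 -extfile "$d/ca.cnf" -extensions ocsp_signer -out "$d/ocsp.pem" 2>/dev/null
    # Same CA but no EKU: must not be accepted as a responder certificate.
    openssl x509 -req -in "$d/plain.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -days 14 -out "$d/plain.pem" 2>/dev/null
}

check_responder_cert() {   # $1 = issuing CA cert, $2 = candidate responder cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: not issued by the CA it would answer for"; return 1; }
    text=$(openssl x509 -in "$2" -noout -text)
    echo "$text" | grep -A1 "Extended Key Usage" | grep -q "OCSP Signing" ||
        { echo "FAIL: extendedKeyUsage lacks OCSPSigning"; return 1; }
    echo "$text" | grep -q "OCSP No Check" ||
        echo "NOTE: no OCSP No Check extension on the responder certificate"
    echo "OK"
}

demo=$(mktemp -d); make_demo_pki "$demo"
check_responder_cert "$demo/ca.pem" "$demo/ocsp.pem"           # prints OK
check_responder_cert "$demo/ca.pem" "$demo/plain.pem" || true  # prints FAIL
rm -rf "$demo"
```

The same check can be run against the certificate the real CA returns before it is installed on the responder.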
