Components of an Online Responder

Applies To: Windows Server 2008 R2

The Online Responder role service in Windows Server 2008 R2 is made up of the following components.

Component Description

Online Responder service

The Online Responder service decodes a revocation status request for a specific certificate, evaluates the status of this certificate, and sends back a signed response containing the requested certificate status information. The Online Responder service is a separate component from a certification authority (CA).

Online Responder

A computer on which the Online Responder service and Online Responder Web proxy are running. A computer that hosts a CA can also be configured as an Online Responder, but you should maintain CAs and Online Responders on separate computers. A single Online Responder can provide revocation status information for certificates issued by a single CA or multiple CAs. CA revocation information can be supported by more than one Online Responder.

An Online Responder can be installed on any computer running Windows Server 2008 R2 Enterprise or Windows Server 2008 R2 Datacenter. The certificate revocation data is derived from a published certificate revocation list (CRL) that can come from a CA on a computer running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server, or from a non-Microsoft CA.

Online Responder Web proxy

The service interface for the Online Responder is implemented as an Internet Server API (ISAPI) extension hosted by Internet Information Services (IIS). The Web proxy receives and decodes requests, and caches responses for a configurable period of time.

Revocation configuration

A revocation configuration includes all of the settings that are needed to respond to certificate status requests that have been issued by using a specific CA key. These configuration settings include the CA certificate, the signing certificate for the Online Responder, and the type of revocation provider to use.

Revocation provider

A revocation provider is the software module that, in conjunction with other revocation configuration settings, enables an Online Responder to check the status of a certificate. The revocation provider in Windows Server 2008 R2 uses data from CRLs to provide this status information.

Online Responder Array

An Online Responder Array contains one or more member Online Responders. Additional Online Responders can be added to an Online Responder Array for a number of reasons, including geographic considerations, scalability, network design considerations, or fault tolerance if an individual Online Responder becomes unavailable. Responders in an Online Responder Array are referred to as Array members.

Online Responder Array controller

When multiple Online Responders are combined in an Array, one member of the Array must be designated as the Array controller. Although each Online Responder in an Array can be configured and managed independently, in case of conflicts the configuration information for the Array controller will override configuration options set on other Array members.

Additional references