1.3 Overview

The Microsoft OCSP Administration Protocol consists of a set of DCOM interfaces [MS-DCOM] that allows administrative tools to configure the properties of a responder.

A responder is a server implementation of the Online Certificate Status Protocol (OCSP). A responder can be configured to provide revocation information for certificates issued by one or more certificate authorities (CAs) by creating a revocation configuration for each CA key. A responder also has properties that apply generically across all revocation configurations. These properties are sometimes referenced as "responder-wide" properties or simply responder properties.

Using this protocol, administrative tools can perform such functions as getting or setting responder properties, creating and removing revocation configurations, and retrieving signing certificates from a responder.

The participants in this protocol are as follows:

  • Online Responder computer.

  • Administrator computer: A client computer that performs remote configuration or administration tasks on the Online Responder computer.

The protocol uses the IOCSPAdminD DCOM interface, which offers the 10 methods documented in the following sections. These methods allow the administrator to set and retrieve properties, set and retrieve security information, and test whether the service is responding.
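The following read-only inventory, run from the administrator computer, shows the kind of retrieval this overview describes. It is an added example and not part of this specification. It assumes the Windows client-side COM object `CertAdm.OCSPAdmin` (the `IOCSPAdmin` API, which is not named in this section) is available, and the host name is hypothetical.

```powershell
# Added example: read-only audit of an Online Responder's configuration.
# Assumptions: the CertAdm.OCSPAdmin COM object is registered on this
# administrator computer; 'ocsp01.example.test' is a hypothetical host name.
param([string]$Responder = 'ocsp01.example.test')

$admin = New-Object -ComObject 'CertAdm.OCSPAdmin'

# Test whether the responder service is answering before reading anything.
try {
    $admin.Ping($Responder)
} catch {
    Write-Error "Responder $Responder did not answer: $($_.Exception.Message)"
    return
}

# Load the responder's configuration into the local object.
# The second argument is the API's bForce flag.
$admin.GetConfiguration($Responder, $true)

# Responder-wide properties (apply across all revocation configurations).
$admin.OCSPServiceProperties |
    ForEach-Object { [pscustomobject]@{ Name = $_.Name; Value = $_.Value } } |
    Format-Table -AutoSize

# One revocation configuration exists per CA key; list what each one trusts
# and how it signs, so unexpected entries stand out in review.
$report = foreach ($cfg in $admin.OCSPCAConfigurationCollection) {
    $ca = [Security.Cryptography.X509Certificates.X509Certificate2]::new(
              [byte[]]$cfg.CACertificate)
    $signer = $null
    if ($cfg.SigningCertificate) {
        $signer = [Security.Cryptography.X509Certificates.X509Certificate2]::new(
                      [byte[]]$cfg.SigningCertificate)
    }
    [pscustomobject]@{
        Identifier     = $cfg.Identifier
        CASubject      = $ca.Subject
        CAThumbprint   = $ca.Thumbprint
        HashAlgorithm  = $cfg.HashAlgorithm
        SigningFlags   = '0x{0:X}' -f $cfg.SigningFlags
        SignerSubject  = if ($signer) { $signer.Subject }  else { '(none assigned)' }
        SignerNotAfter = if ($signer) { $signer.NotAfter } else { $null }
        ErrorCode      = '0x{0:X8}' -f $cfg.ErrorCode   # non-zero: config has a problem
    }
}
$report | Format-List
```

Comparing this output against a known-good baseline makes an unexpected revocation configuration, a changed signing certificate or a non-zero error code visible.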