Wednesday, 5 July 2017

Windows server 2008 R2 and OSCP

So I was working on cleaning up some CAs and subCAs recently and came across this interesting bit of info.
An Online Responder can be installed on any computer running Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Enterprise, or Windows Server 2008 Datacenter
so whilst a CA won't stop you / warn you about enabling OSCP links in the AIA section, it will only work if the specified http:// link defined in the AIA section is hosted on a ENT or DC version of server 2008 R2, and if you enable OSCP via the link then various systems will take that as preferred then fail if the responder service is not running.

ref https://technet.microsoft.com/en-us/library/cc725937%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396