Verifying auto-enrollment
This section describes how to verify auto-enrollment.
Verification of auto-renewal involves the expiration of the generated certificate and renewal of the certificate using a new key pair. Verify that auto-enrollment of a newly generated certificate is operating successfully by completing the procedures described below.
View a generated certificate and key pair
To verify that auto-enrollment of a newly generated certificate is operating successfully, view a generated certificate and key pair.
To view a generated certificate and key pair
- Log on to OCSPSERV as a domain administrator.
- Select Search, enter MMC, and press Enter to open the console.
- In the MMC console, select File and select Add/Remove Snap-in….
- In the Add or Remove Snap-Ins dialog box, find the Certificate snap-in (under the Available snap-ins section) and select it.
- Select Add, select Service Account, and select Next.
- Select Local Computer, and select Next.
- Under Certificate Snap-in, select the Online Responder Services in Service Account and select Finish.
- Select OK and expand the Online Responder Services tree.
- Expand the OCSPSvc\CertificateName (for example, “OCSPSvc_test_”) and double-click Certificates.
- A certificate is displayed. Double-click the certificate to view its properties.
- Select the Details tab and verify the Valid From and Valid To dates of the certificate. It will state that the certificate expires in the next four hours.
- The ProtectServer 3 HSM slot shows the key pair for the CA certificate and the Online Responder service certificate.
Because the validity period of the certificate is four hours, wait four hours before verifying the auto-renewal of the certificate.
View a renewed certificate and key pair
After four hours have passed, you can verify that the Valid From and Valid To dates of the certificate have been updated. The new certificate is valid for the next four hours, and a new key pair for the renewed certificate has been generated on the ProtectServer 3 HSM slot.
This demonstrates that the certificate renews automatically every four hours.
Note
The validity period was set to four hours for testing purposes only. In a production environment, it is recommended to set the validity periods as required by your organization’s security infrastructure.
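The before-and-after comparison described above can also be scripted. The following PowerShell function is an added example, not part of the original guide or of any vendor tooling: it assumes you exported the certificate to a .cer file before and after the renewal (the file names, the function name, and the tolerance value are hypothetical) and checks that the renewed certificate has a later Valid From date, the expected validity period, and a different public key.

```powershell
# Added example, not vendor code. The .cer paths are hypothetical: export the
# certificate from its Details tab (Copy to File...) before and after renewal.
function Compare-RenewedCertificate {
    param(
        [Parameter(Mandatory)] [string] $OldCertPath,
        [Parameter(Mandatory)] [string] $NewCertPath,
        [double] $ExpectedHours    = 4,   # validity period used in this test setup
        [double] $ToleranceMinutes = 15   # assumed allowance for backdating of Valid From
    )

    # .NET resolves relative paths against the process directory, so resolve first.
    $typeName = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $old = New-Object $typeName -ArgumentList (Resolve-Path -LiteralPath $OldCertPath).Path
    $new = New-Object $typeName -ArgumentList (Resolve-Path -LiteralPath $NewCertPath).Path

    # Validity window of each certificate (Valid To minus Valid From).
    $oldHours = ($old.NotAfter - $old.NotBefore).TotalHours
    $newHours = ($new.NotAfter - $new.NotBefore).TotalHours

    # Same subject, but a different public key means renewal used a new key pair.
    $sameSubject  = ($old.Subject -eq $new.Subject)
    $newKeyPair   = ($old.GetPublicKeyString() -ne $new.GetPublicKeyString())
    $renewedLater = ($new.NotBefore -gt $old.NotBefore)
    $validityOk   = ([math]::Abs($newHours - $ExpectedHours) -le ($ToleranceMinutes / 60))

    [pscustomobject]@{
        OldThumbprint      = $old.Thumbprint
        NewThumbprint      = $new.Thumbprint
        OldValidTo         = $old.NotAfter
        NewValidFrom       = $new.NotBefore
        NewValidTo         = $new.NotAfter
        OldValidityHours   = [math]::Round($oldHours, 2)
        NewValidityHours   = [math]::Round($newHours, 2)
        SameSubject        = $sameSubject
        NewKeyPair         = $newKeyPair
        RenewedLater       = $renewedLater
        ValidityAsExpected = $validityOk
        Passed             = ($sameSubject -and $newKeyPair -and $renewedLater -and $validityOk)
    }
}

# Usage (hypothetical file names):
# Compare-RenewedCertificate -OldCertPath .\ocsp-before.cer -NewCertPath .\ocsp-after.cer
```

A result with NewKeyPair set to False means the certificate was reissued over the existing key, which is not the renewal behaviour this section verifies.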