Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2013-08-28) Automated/Unattended Installation Of OCSP (Part 5)

Posted by Jorge on 2013-08-28


Click here for part 4

When using option [1] or [2], let's assume you want more than one OCSP server servicing the Revocation Configurations of each configured CA. After adding all revocation configurations, you can add more OCSP members to the OCSP array. The first OCSP server hosting the revocation configurations is by default the array controller when additional OCSP members are added to the array, so this action, or the next script, needs to be executed on the OCSP array controller.

REMARK: A “BIG THANK YOU!” goes to Vadim Podans for helping me out in defining the correct format of the values being written to the ArrayMembers property.

```powershell
# Get The Info Of The Local Server
$ocspServerFQDN = $(Get-WmiObject -Class Win32_ComputerSystem).Name + "." + $(Get-WmiObject -Class Win32_ComputerSystem).Domain

# Put The OCSP Configuration In An Object
$ocspAdmin = New-Object -com "CertAdm.OCSPAdmin"
$ocspAdmin.GetConfiguration($ocspServerFQDN, $true)

# Retrieve The Current OCSP Array Member(s)
$currentArrayMembers = $ocspAdmin.OCSPServiceProperties.Item(2).Value

# Define The ADDITIONAL OCSP Array Members
$newArrayMembers = @("R2FSMBSV2.ADDMZ.LAN")

# Define The Total List Of Array Members
[string[]]$totalListArrayMembers = $currentArrayMembers + $newArrayMembers

# Write The New Total List Of Array Members
$ocspAdmin.OCSPServiceProperties.Item(2).Value = $totalListArrayMembers

# Commit The Changes
$ocspAdmin.SetConfiguration($ocspServerFQDN, $true)
```


Figure 1: Configuring Additional OCSP Array Members On The Array Controller
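The script above appends unconditionally, so running it twice writes the same member twice. The following is an added example, not code from the original post: a re-runnable variant that merges the lists case-insensitively, rejects names that are not FQDNs, and only commits when asked. The function names, the `-Commit` switch, the check that the property at `Item(2)` is named `ArrayMembers`, and the sample host names other than `R2FSMBSV2.ADDMZ.LAN` are assumptions.

```powershell
# Added example; Merge-OcspArrayMembers and Add-OcspArrayMember are hypothetical names.
function Merge-OcspArrayMembers {
    param(
        [string[]]$Current = @(),
        [Parameter(Mandatory = $true)][string[]]$Additional
    )
    $seen = @{}      # PowerShell hashtable keys compare case-insensitively
    $merged = @()
    foreach ($name in @($Current | Where-Object { $_ })) {
        if (-not $seen.ContainsKey($name)) { $seen[$name] = $true; $merged += $name }
    }
    foreach ($name in $Additional) {
        $fqdn = "$name".Trim().TrimEnd('.')
        # Reject short names and stray characters before they reach the array config.
        if ($fqdn -notmatch '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9-]+$') {
            throw "Not a fully qualified host name: '$name'"
        }
        if (-not $seen.ContainsKey($fqdn)) { $seen[$fqdn] = $true; $merged += $fqdn }
    }
    return ,([string[]]$merged)
}

function Add-OcspArrayMember {
    param(
        [Parameter(Mandatory = $true)][string]$ControllerFqdn,
        [Parameter(Mandatory = $true)][string[]]$NewMember,
        [switch]$Commit   # without it, only the resulting list is returned
    )
    $ocspAdmin = New-Object -ComObject 'CertAdm.OCSPAdmin'
    $ocspAdmin.GetConfiguration($ControllerFqdn, $true) | Out-Null
    $prop = $ocspAdmin.OCSPServiceProperties.Item(2)    # same index as the post
    # Assumption: the property is named ArrayMembers, as the post's remark calls it.
    if ($prop.Name -ne 'ArrayMembers') {
        throw "Item(2) is '$($prop.Name)', not ArrayMembers; refusing to write."
    }
    $total = Merge-OcspArrayMembers -Current $prop.Value -Additional $NewMember
    if ($Commit) {
        $ocspAdmin.OCSPServiceProperties.Item(2).Value = $total
        $ocspAdmin.SetConfiguration($ControllerFqdn, $true) | Out-Null
    }
    return ,$total
}

# Constructed sample input: the existing list already holds the post's server in lower case.
$current = @('R2FSMBSV1.ADDMZ.LAN', 'r2fsmbsv2.addmz.lan')
Merge-OcspArrayMembers -Current $current -Additional @('R2FSMBSV2.ADDMZ.LAN', 'R2FSMBSV3.ADDMZ.LAN')
```

Only the merge runs when the block is pasted as-is; `Add-OcspArrayMember` has to be called explicitly on the array controller, first without `-Commit` to review the list it would write.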

Now open/start the “Online Responder Management” MMC. You will immediately get an array controller mismatch message, as shown below.


Figure 2: Array Controller Mismatch Message

Continued in part 6: “(2013-08-29) Automated/Unattended Installation Of OCSP (Part 6)”

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————
