Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server 2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a new certificate template to issue.
B. Modify the Authority Information Access (AIA) of the CA.
C. Configure an enrollment agent.
D. Install a standalone subordinate CA.
E. Modify the CRL distribution point (CDP) of the CA.
161given answer is correct..
Once the OCSP service is configured, we need to configure the OCSP Response Signing template.
This process includes adding an Authority Information Access (AIA) extension and then issuing a new certificate template.
The AB answer is correct: https://www.itsfullofstars.de/2016/07/ocsp-part-4-configure-ca-to-support-ocsp-responders/
According to the reference it should be B and C.
Configure ‘enable the Certificate Services Client – Auto-Enrollment policy’
Hello, can you paste the reference, please ? Tks !!
According to the reference given in the answer, options A and B are correct.