You have two servers named Server1and Server2.
Both servers run Windows Server 2008 R2.
Server1is configured as an enterprise root certification authority (CA).
You install the Online Responder roleservice on Server2.
You need to configure Server1 to support the Online Responder.
What should you do?
A.
Import the enterprise root CA certificate.
B.
Configure the Certificate Revocation List Distribution Point extension.
C.
Configure the Authority Information Access (AIA) extension.
D.
Add the Server2 computer account to the CertPublishers group.
Explanation:
Answer.Configure the Authority Information Access (AIA) extension.
http://technet.microsoft.com/en-us/library/cc732526.aspx
Configure a CA to Support OCSP Responders
To function properly, an Online Responder must havea valid Online Certificate Status Protocol (OCSP)
Response Signing certificate. This OCSP Response Signing certificate is also needed if you are using anonMicrosoft OCSP responder.
Configuring a certification authority (CA) to support OCSP responder services includes the following steps:
1. Configure certificate templates and issuance properties for OCSP Response Signing certificates.
2. Configure enrollment permissions for any computers that will be hosting Online Responders.
3. If this is a Windows Server 2003–based CA, enablethe OCSP extension in issued certificates.
4. Add the location of the Online Responder or OCSP responder to the authority information access extension
on the CA.
5. Enable the OCSP Response Signing certificate template for the CA.
..
To configure a CA to support an Online Responder orOCSP responder services:
1. Open the Certification Authority snap-in.
2. In the console tree, click the name of the CA.
3. On the Action menu, click Properties.
4. Click the Extensions tab.
5. In the Select extensionlist, clickAuthority Information Access (AIA)and then click Add.
6. Specify the locations from which users can obtaincertificate revocation data, such as http://computername/
ocsp.
7. Select the Include in the online certificate status protocol (OCSP) extension check box.
8. In the console tree of the Certification Authority snap-in, right-click Certificate Templates, and then click New
Certificate Templates to Issue.
9. In Enable Certificate Templates, select the OCSP Response Signing template and any other certificate
templates that you configured previously, and then click OK.
10.Double-click Certificate Templates, and verify that the modified certificate templates appear in the list.