Any CA registered within an ADSS OCSP Repeater Server MUST also be registered in a central ADSS OCSP Server with the D-OCSP settings enabled. Enabling the Distributed OCSP option for a CA tells ADSS Server to pre-compute the OCSP responses and make these available to a registered ADSS OCSP Repeater Server. The ADSS OCSP Repeater Service synchronizes with the central OCSP Service in order to obtain the latest pre-computed responses. 

For Distributed OCSP to work the issuer CA must issue certificates with sequential serial numbers, otherwise the OCSP responses cannot be computed.  

Ask support for details of how this will be handled in future using full certificate status handling.


See also

Step 1 - Generating Keys and Certificates
Step 2 - Registering CAs
Step 3 - Configuring CRL Monitor
Step 5 - Registering Trusted CAs for OCSP Repeater Service
Step 6 - Using the Service Manager