PowerShell PKI Module Documentation

This command is not available in non-domain environments
This command requires installed Remote Server Administration Tools (RSAT)

Set-OnlineResponderProperty

Synopsis

Changes Online Responder global configuration.

Syntax

Set-OnlineResponderProperty [-OnlineResponder] <OcspResponder[]> [[-MaxRequestEntryCount] <Int32>] [[-MaxCacheEntryCount] <Int32>] [[-ThreadCount] <Int32>] [[-MaxRequestSize] <Int32>] [[-RequestFlag] <OcspResponderRequestFlags>] [[-AuditFlag] <OcspResponderAuditFilter>] [[-LogLevel] <OcspResponderLogLevel>] [-TraceDebug] [-MakeArrayController] [<CommonParameters>]

Description

Changes Online Responder global configuration. Global configuration applies to the Online Responder and all stored revocation configurations. For settings specific to a revocation configuration, use the Set-OnlineResponderRevocationConfiguration command.

Parameters

-OnlineResponder <OcspResponder[]>

Specifies the Online Responder object to modify. This object can be retrieved by calling the Connect-OnlineResponder command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-ThreadCount <Int32>

Specifies the number of simultaneous OCSP requests that can be served by the Online Responder. By default, 50 simultaneous OCSP requests are allowed.

Required? False
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? False

-MaxRequestSize <Int32>

Specifies the maximum size, in bytes, of an OCSP request that the server is allowed to process. If the value is zero (0), the server will attempt to process incoming requests of any size. The average size of an unsigned request with a single certificate is around 80-100 bytes. The average size of a signed request is around 2-4kb.

Required? False
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? False

-AuditFlag <OcspResponderAuditFilter>

Specifies the set of flags that identify the responder events for which the security audit is performed.

Note: for events to be logged to the security event log, the "Audit Certification Services" audit subcategory must be enabled in the "Audit Object Access" audit category in group policies.

Required? False
Position? 6
Default value
Accept pipeline input? false
Accept wildcard characters? False

-LogLevel <OcspResponderLogLevel>

Specifies the logging level on Online Responder.

Required? False
Position? 7
Default value
Accept pipeline input? false
Accept wildcard characters? False

-TraceDebug <SwitchParameter>

Specifies whether tracing for errors on the Online Responder is enabled.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-MakeArrayController <SwitchParameter>

Promotes the specified Online Responder to the Array Controller role. An attempt is made to contact the existing array controller. If the existing array controller is reachable, it is automatically demoted from the array controller role. Otherwise, administrators are responsible for demoting the unreachable array controller from its role.

Note: if this switch parameter is specified and set to False, no action is performed.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-MaxRequestEntryCount <Int32>

Specifies the maximum number of request entries in an OCSP request message. By default, one request entry is allowed per OCSP request.

Required? False
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? False

-MaxCacheEntryCount <Int32>

Specifies the maximum number of OCSP responses cached by the Online Responder. The recommended value is between 1,000 and 10,000 entries.

When the Online Responder receives an OCSP request, it checks whether the requested serial number is in the cache. If the serial number is found in the cache, the Online Responder returns the cached OCSP response instead of generating and signing a new one. This cache significantly reduces the load on the Online Responder.

Note: the cache is ignored when the incoming OCSP request contains a Nonce and the revocation configuration accepts Nonce fields. When a Nonce is present and allowed by the revocation configuration, a new OCSP response is generated and signed.

Required? False
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? False

-RequestFlag <OcspResponderRequestFlags>

Specifies the request handling configuration on Online Responder server.

Required? False
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponder

Outputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponder

Notes

Examples

Example 1

PS C:\> Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Set-OnlineResponderProperty -MakeArrayController

Promotes the Online Responder on "ocsp3.example.com" to the array controller role. An attempt is made to contact the existing array controller. If the existing array controller is reachable, it is automatically demoted from the array controller role.

Example 2

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Set-OnlineResponderProperty -AuditFlag "RequestReceive, StartAndStop"

Enables Online Responder audit for Online Responder service start/stop events and for each incoming OCSP request.

Example 3

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Set-OnlineResponderProperty -MaxRequestEntryCount 2 -MaxRequestSize 1kb -MaxCacheEntryCount 50000

This example configures the Online Responder on "ocsp1.example.com" to a) support up to 2 request entries (serial numbers) in an OCSP request message, b) limit the OCSP request size to 1kb (1024 bytes) and c) set the internal response cache to store up to 50k responses.
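
The following is an added example, not part of the module's own documentation: it applies one set of request limits and audit flags to several responders and reports the result per host. The function name Set-OcspRequestLimits is hypothetical, the host names are the example names used on this page, and the module name PSPKI is assumed to be installed.

```powershell
# Added example (not from the PSPKI documentation).
# Assumes the PSPKI module and RSAT are installed in a domain environment.
Import-Module PSPKI

function Set-OcspRequestLimits {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        # Signed requests average 2-4kb, unsigned ones 80-100 bytes, so the
        # size cap depends on whether signed requests must be accepted.
        [switch]$AllowSignedRequests
    )
    $ErrorActionPreference = 'Stop'   # turn cmdlet errors into catchable exceptions

    # Only parameters documented for Set-OnlineResponderProperty are used.
    $limits = @{
        MaxRequestEntryCount = 1       # documented default: one entry per request
        MaxRequestSize       = if ($AllowSignedRequests) { 4kb } else { 1kb }
        MaxCacheEntryCount   = 10000   # upper end of the recommended range
        ThreadCount          = 50      # documented default
        # Events reach the security log only if the "Audit Certification
        # Services" subcategory is enabled through group policy.
        AuditFlag            = "RequestReceive, StartAndStop"
    }

    foreach ($name in $ComputerName) {
        try {
            $responder = Connect-OnlineResponder -ComputerName $name
            $null = $responder | Set-OnlineResponderProperty @limits
            [pscustomobject]@{ ComputerName = $name; Applied = $true; Error = $null }
        }
        catch {
            # An unreachable host is reported, and the loop continues with the next one.
            [pscustomobject]@{ ComputerName = $name; Applied = $false; Error = $_.Exception.Message }
        }
    }
}

# Unsigned requests only: oversized requests are rejected at 1kb.
Set-OcspRequestLimits -ComputerName "ocsp1.example.com", "ocsp3.example.com"
```

A non-zero MaxRequestSize matters here because a value of zero makes the server attempt to process requests of any size.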

Related links

Connect-OnlineResponder
Set-OnlineResponderRevocationConfiguration

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions