

mpete32_168869
Oct 15, 2015

Load balancing Microsoft Certificate Server environment

I have an internal ADCS environment with an offline root CA, 2 Enterprise Intermediate CAs and (soon to be) 2 OCSP responders. I would like to design a configuration where certificate requests are load balanced between the two Intermediate CAs and OCSP responses are load balanced between the two OCSP responders. I have found very little info regarding design examples or suggestions for this. Has anyone had any experience in setting this up?

 

Much thanks! Mark

 

2 Replies

  • Hi,

     

    I strongly recommend against configuring load balancing to manage the certificate lifecycle. Are you configuring ADCS clustering, or do you have only 2 different Intermediate CAs? Are you using SCEP?

     

    But, if you really need to load balance your CAs, you can create a "Performance L4" VS, assign a pool containing both CA members and add source address persistence to your VS.

     

    Depending on the certificate delivery workflow, you will not be able to guarantee that the user comes to the same CA during the whole enrollment process.

     

    You can load balance OCSP requests to the OCSP responders and, of course, CRL distribution points to (recommended for security reasons) an external website (it can be the OCSP responders).
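
The setup described in the reply above, written out as tmsh commands. This is an added example, not part of the original thread; the object names, the 10.1.x.x addresses, the ports and the monitors are assumptions to adjust for your environment.

```tmsh
# Constructed example: object names and 10.1.x.x addresses are placeholders.

# Pool containing both Intermediate CAs. Port 0 (any) is an assumption;
# narrow it to the ports your enrollment method actually uses.
create ltm pool adcs_ca_pool members add { 10.1.20.11:0 10.1.20.12:0 } monitor gateway_icmp

# A "Performance (Layer 4)" virtual server uses the fastL4 profile.
# Source address persistence keeps a client on the same CA while the
# persistence record exists.
create ltm virtual adcs_ca_vs destination 10.1.10.50:0 ip-protocol tcp profiles add { fastL4 } pool adcs_ca_pool persist replace-all-with { source_addr }

# OCSP responders behind a second virtual server (port 80 is an assumption).
# Each OCSP request is independent, so no persistence is configured here.
create ltm pool ocsp_pool members add { 10.1.20.21:80 10.1.20.22:80 } monitor tcp
create ltm virtual ocsp_vs destination 10.1.10.51:80 ip-protocol tcp profiles add { tcp http } pool ocsp_pool
```

Source address persistence records expire after the profile's idle timeout, so an enrollment that pauses longer than that can still land on the other CA, which is the limitation the reply points out.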