Load Balancing OCSP Responder Pool
I am trying to determine a valid HTTP GET command to implement as a health monitor for load balancing 2 Windows 2012 OCSP Responders. I am using Fiddler to generate HTTP (get http://ocspresponder/ocsp/ee/ocsp) requests, though even when I stop the responder service I still get a 200. The reason I am trying to make this work is that OCSP and CRL will be installed on the same server, though the preference is OCSP. In the event OCSP fails, I want the virtual server to fail and then attempt CRL. There are 2 separate NICs (one for OCSP and one for CRL), so I have created 2 different virtual servers which are both listening on 80. Also, I am not using OCSP or CRL profiles, as many applications that require certificate validation are not load balanced by the BIG-IP. Any feedback is appreciated. Thank you in advance!
I believe an OCSP GET request has to be real (or real-looking). For example, here is how to build an OCSP request for Red Hat's OCSP.
How to Build OCSP Request - RedHat
Hopefully there would be a similar tool for Windows.
You could also capture a real OCSP request from a browser and then replay that as the monitor request.
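An added example, not part of the original posts: a "real-looking" OCSP GET path built per RFC 6960, and a health check that inspects the response body rather than trusting a bare HTTP 200. The function names are hypothetical, the issuer name, issuer key and serial are constructed placeholders, and SHA-1 CertID hashing is assumed; `/ocsp/ee/ocsp` is the path from the question.

```python
import base64
import hashlib
from urllib.parse import quote

# AlgorithmIdentifier { sha1, NULL }; SHA-1 CertID hashing is an assumption of this example
SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def build_ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Minimal unsigned OCSPRequest (RFC 6960) asking about one certificate serial."""
    serial_bytes = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # stays positive
    cert_id = der(0x30, SHA1_ALG
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key).digest())
                  + der(0x02, serial_bytes))
    request_list = der(0x30, der(0x30, cert_id))   # SEQUENCE OF Request { reqCert }
    return der(0x30, der(0x30, request_list))      # OCSPRequest { tbsRequest { requestList } }

def monitor_get_path(base_path: str, request_der: bytes) -> str:
    """RFC 6960 GET form: base path + '/' + URL-encoded base64 of the DER request."""
    b64 = base64.b64encode(request_der).decode("ascii")
    return base_path.rstrip("/") + "/" + quote(b64, safe="")

def responder_healthy(status: int, content_type: str, body: bytes) -> bool:
    """Healthy only if the reply is an OCSPResponse with responseStatus successful(0)."""
    media_type = content_type.split(";")[0].strip().lower()
    if status != 200 or media_type != "application/ocsp-response":
        return False
    if len(body) < 5 or body[0] != 0x30:           # must start with a SEQUENCE
        return False
    off = 2 + (body[1] & 0x7F if body[1] & 0x80 else 0)  # skip SEQUENCE header
    return body[off:off + 3] == b"\x0a\x01\x00"    # ENUMERATED, length 1, value 0

if __name__ == "__main__":
    # Constructed placeholder inputs; use the issuing CA's real subject and key bytes.
    req = build_ocsp_request(b"constructed issuer name", b"constructed issuer key", 0x1234)
    print("GET " + monitor_get_path("/ocsp/ee/ocsp", req))
    print(responder_healthy(200, "text/html", b"<html>OK</html>"))  # False
```

The printed path can serve as the GET line of the monitor's send string once the placeholders are replaced with values from a certificate the responder actually serves. A receive match on the `application/ocsp-response` content type is the closest string-based equivalent of `responder_healthy`.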