I need to figure out how certificate revocation works on IIS. Certificate we are working with contains both url to CRL and OCSP.
- As I understand by default IIS uses CRL to verify if certificate is revoked, is that right? if it's true - can I just enable OCSP without stapling?
- Can I configure IIS to use OCSP if we are unable to check revocation via CRL?
- How can configure this only for specific site?
