Hi,
I'm looking for info on configuring OCSP stapling of revocation info for my SSL enabled site. my web site is hosted in IIS v7.5 in windows server 2008 R2 standard. I found some evidence that implies stapling is on by default in IIS 7.x if the cert contains OCSP info, but I can't seem to confirm it anywhere. So I have a couple of questions I'm trying to find answers for:
1) Is OCSP stapling really enabled by default in IIS 7.x for certificates and clients that support it?
2) How can I toggle it to disabled/enabled as needed?
I know someone has asked the same question in IIS forum. http://forums.iis.net/p/1189266/2045843.aspx/1?p=True&t=634991820068316579 and was asked to post in MS forum. But after I posted in MS forum http://answers.microsoft.com/en-us/windows/forum/windows_other-networking/how-to-disable-ocsp-stapling-in-iis75/c4319b9d-3f2e-4216-928c-57833ff1e798 MS guy asked me to ask in IIS forum.
Any help? Many thanks.