Viewing the certificate store of the online responder (OCSP) and checking the signature certificates

Sometimes it is necessary to verify a signature certificate of an online responder, for example to check the connection to the Hardware Security Module (HSM), if one is present. The online responder uses its own certificate store when the certificates are retrieved automatically from a certificate authority.

The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. With OCSP, entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates; they can instead send a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)".

Viewing via the Microsoft Management Console

The certificate store can be viewed via Microsoft Management Console (MMC).

Add a new snap-in.

Select the Certificates snap-in and click Next.

Then select that you want to view the certificate store of a service account and click Next.

Select the local computer and click Next.

In the list of services, select the Online Responder Service and click Next.

The signature certificates are located under OcspSvc\{name of revocation configuration}.

Viewing via the command line

You can verify the signing certificate from the command line with the following command:

certutil ^
-verifystore ^
-service ^
-service "OcspSvc\{name of the revocation configuration}" ^
{thumbprint-of-the-certificate}

Note that the -service argument must be listed twice.

The thumbprint of the signing certificate can be identified from the previously opened management console. It is located in the Details tab of the respective certificate.
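The following PowerShell script is an added example, not part of the original article. It runs the certutil command above for several revocation configurations and cleans up thumbprints copied from the Details tab, which usually contain spaces and sometimes invisible characters. The configuration names and thumbprints are constructed placeholders, the function names are hypothetical, and treating a non-zero certutil exit code as a failed check is an assumption.

```powershell
# Added example: verify OCSP signing certificates per revocation configuration.
# Run in an elevated session on the online responder itself.
# Names and thumbprints below are constructed placeholders; replace them.
$checks = @(
    @{ Config = 'Example Issuing CA 1'; Thumbprint = '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33' }
    @{ Config = 'Example Issuing CA 2'; Thumbprint = 'ffeeddccbbaa99887766554433221100ffeeddcc' }
)

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Value)
    # Drop everything that is not a hex digit: spaces, colons and invisible
    # characters that can be picked up when copying from the Details tab.
    $hex = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected a SHA-1 thumbprint (40 hex digits), got $($hex.Length) digits."
    }
    $hex
}

function Test-OcspSigningCertificate {
    param(
        [Parameter(Mandatory)][string]$Config,
        [Parameter(Mandatory)][string]$Thumbprint
    )
    $store = "OcspSvc\$Config"
    # -service is passed twice on purpose, as the article notes.
    $output = & certutil.exe -verifystore -service -service $store $Thumbprint 2>&1
    [pscustomobject]@{
        Store      = $store
        Thumbprint = $Thumbprint
        ExitCode   = $LASTEXITCODE
        Passed     = ($LASTEXITCODE -eq 0)   # assumption: non-zero means failure
        Output     = ($output | Out-String)
    }
}

$results = foreach ($check in $checks) {
    $thumbprint = ConvertTo-CleanThumbprint -Value $check.Thumbprint
    Test-OcspSigningCertificate -Config $check.Config -Thumbprint $thumbprint
}

$results | Format-Table Store, Thumbprint, ExitCode, Passed -AutoSize

# Print the full certutil output for every failed check so it can be reviewed.
foreach ($failed in ($results | Where-Object { -not $_.Passed })) {
    Write-Warning "Verification failed for $($failed.Store)"
    $failed.Output
}
if ($results.Passed -contains $false) { exit 1 }
```

Even when a check passes, read the certutil output itself, since the exit code alone does not show which tests were performed against the key.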
