Re: Certificate Server Revocation Process

From: Fred Yarbrough (fyarbrou@yahoo.com)
Date: 04/19/03


From: "Fred Yarbrough" <fyarbrou@yahoo.com>
Date: Fri, 18 Apr 2003 17:39:37 -0500


Guogang,
    Yes I think so. I see it as a URL that was installed by default by the
Certificate Server installation process
(http://%server_dns_name%/CertEnroll/%CA_Name%%CRL_suffix%.crl). I can
browse to this file from the browser and it prompts me to either Open it or
Save it. I also found an article that is fairly detailed at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/WinXPPro/support/tshtcrl.asp.

    I am researching this but it just does not behave like I would have
expected.

Thanks
Fred

"Guogang" <nospam@no_such_domain.com> wrote in message
news:eCUZNXfBDHA.1156@TK2MSFTNGP12.phx.gbl...
> 1. Do you have CRL distribution point in your certificate?
> 2. Your CRL publication is not real time. It will be published at next
> scheduled time.
>
> "Fred Yarbrough" <fyarbrou@yahoo.com> wrote in message
> news:eQbYvQfBDHA.2264@TK2MSFTNGP12.phx.gbl...
> > I and using Windows 2000 Server have setup a StandAlone Root CA and
issued
> a
> > certificate to my StandAlone Subordinate CA. From my StandAlone
> Subordinate
> > CA I have issued numerous website certificates. Everything appears to
be
> > good to go and working properly. I decided to try and revoke a
> certificate
> > for a website and did so. When I hit the website, there is no
indication
> > that the certificate has been revoked. I would have expected to get
some
> > flashing indication that the webserver was using a REVOKED certificate
and
> > that it was no longer valid. How does this work? Heck, I even went to
> the
> > Root CA and Revoked my Subordinate CA's certificate. It shows up on the
> > Root CA as being revoked but still I see no indication that anything has
> > changed. I am reading about the CRL file but still see no way to
utilize
> > it. How is this supposed to work? I am not finding much info on it
> > anywhere.
> >
> >
> > Thanks,
> > Fred
> >
> >
>
>



Relevant Pages

  • Re: Certificate revokation
    ... Is there a way to revoke a certificate and that the revokation will be ... > delta CRL that can be published every few hours with only the changes ... As long as it is valid clients can cache it and use ...
    (microsoft.public.windows.server.security)
  • Re: Certificate Server Revocation Process
    ... Certificate Server installation process ... Do you have CRL distribution point in your certificate? ... I decided to try and revoke a ... >> flashing indication that the webserver was using a REVOKED certificate ...
    (microsoft.public.win2000.security)
  • Re: How to revoke the root CA certificate ?
    ... This is why protecting the root CA's priv key is so vital. ... have issued any certs for use from the root, so first revoke all certs for ... >>>I have a standalone certificate authority on Windows Server 2003, ... But what certificate is used to sign the CRL... ...
    (microsoft.public.windows.server.security)
  • Re: Revoked Security Certificates
    ... The owner of a certificate can often revoke it him/her self, ... the company no longer wants the certificate to be used, ... > I was trying to purchase a product at a website. ... > alert stating that the site had a revoked security ...
    (microsoft.public.security)
  • Re: How to validate client certificate?
    ... The ideal thing would be to get IIS to check the revocation of the ... certificate for you. ... remains true even if I revoke the cert. ...
    (microsoft.public.dotnet.security)