Re: Client Certificates Deleted after 2003 upgrade.

From: Ohaya (ohaya_at_NO_SPAM.cox.net)
Date: 11/14/03 

Date: Fri, 14 Nov 2003 17:59:39 -0500

Hi,

I'm assuming that when you say that "none of the user certificates are
present" in your 2nd paragraph, you mean that they don't show up under
the "Issued" certs? I don't understand why that would happen, but one
thing that might've caused the situation that you described in your 1st
paragraph is if the CRL either expired, or if IIS couldn't access the
CRL (which was presumably on the Cert Server machine).

If the CRL expires, basically IIS will "clamp down" security, and assume
that ALL client certs are revoked. That's why, if you run your own Cert
Server, and have CRL checking enabled (which it is by default with IIS),
you have to publish new CRLs periodically (which Cert Server will
normally do automatically, I think).

You might want to try to just force a Publish of a new CRL using Cert
Server, and see if that gets things going again. Publishing a new CRL
would cause Cert Server to write out a new .CRL file, with new dates.

rlasker3 wrote:
>
> I have a Enterprise Root CA on a separate machine from IIS. After upgrading
> to 2003 it was working fine for about two days. Today I went to access the
> site and it told me that the Client Certificate that I've been using to
> access the secure site has been revoked.
>
> When I loged into the Root CA Certificate Server it told me that it needed
> to upgrade. I said yes and then when I went into the Certificate Server none
> of the user certificates are present. They are all gone. Is there a way to
> import the *.cer files to fix this? Or am I forced to issue all new
> certificates to my users?

Relevant Pages