Re: Possible to override CDP in Certificate?

From: Sergio Dutra [MS] (sergiod_at_online.microsoft.com)
Date: 09/12/03

• Next message: Ohaya: "Re: Possible to override CDP in Certificate?"
• Previous message: Ohaya: "Possible to override CDP in Certificate?"
• In reply to: Ohaya: "Possible to override CDP in Certificate?"
• Next in thread: Ohaya: "Re: Possible to override CDP in Certificate?"
• Reply: Ohaya: "Re: Possible to override CDP in Certificate?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 12 Sep 2003 14:19:51 -0700

There is no method to override the CDP in a certificate. You can, however,
download the corresponding CRL and install it in the current user or local
machine Intermediate Certification Authorities (CA) store. The revocation
checking code will first look in the CA store if the certificate being
verified does not have a CDP.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Ohaya" <ohaya@cox.net> wrote in message news:3F622D8C.97D212BA@cox.net...
> Hi,
>
> We have an IIS-based website that has SSL and client auththentication
> enabled.  However, the client certificates that we are using are not
> created or issued by us, and it turns out, these certificates do not
> have the CRL Distribution Point (CDP) attribute, so when client
> authentication occurs against the client certificates, CRL checking
> doesn't take place.
>
> I've "heard" that is is possible, maybe in CAPICOM or something, to
> override or set the CDP.
>
> Can anyone point me to how this might be done, especially in our (IIS)
> environment?
>
> If not, what other options do we have for incorporating checking a CRL,
> possibly programmatically from some ASP?
>
> Thanks in advance!!!

---

• Next message: Ohaya: "Re: Possible to override CDP in Certificate?"
• Previous message: Ohaya: "Possible to override CDP in Certificate?"
• In reply to: Ohaya: "Possible to override CDP in Certificate?"
• Next in thread: Ohaya: "Re: Possible to override CDP in Certificate?"
• Reply: Ohaya: "Re: Possible to override CDP in Certificate?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Possible to override CDP in Certificate? ... > Can I use the Certmgr.exe to do what you suggested (import a .CRL into> the Intermediate CA store)? ... Can you provide the> exact command line for doing this, assuming that the .CRL was named ... >> 2) What if some of the client certificates do have the CDP? ... (microsoft.public.platformsdk.security) Re: Possible to override CDP in Certificate? ... The revocation checking code I refer to is part of CryptoAPI. ... If some of the client certificates have a CDP, ... (microsoft.public.platformsdk.security) Re: Possible to override CDP in Certificate? ... Can I use the Certmgr.exe to do what you suggested (import a .CRL into ... > 2) What if some of the client certificates do have the CDP? ... > the Intermediate Certification Authorities store? ... (microsoft.public.platformsdk.security) Re: Possible to override CDP in Certificate? ... What if some of the client certificates do have the CDP? ... the Intermediate Certification Authorities store? ... > download the corresponding CRL and install it in the current user or local ... (microsoft.public.platformsdk.security) Re: Changing CA CRLs ... Do client certificates need to be re-issued when authenticating using IIS? ... CDP information in the certificate that is listed/installed in the CTL. ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)