Re: *** CRL Cache Checking When CDP Is LDAP Based ***

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/20/03


Date: Sat, 20 Sep 2003 08:38:56 -0700


It is very difficult to detect CRLs in the cache unless you do this
programmatically; especially LDAP CRLs which are binary objects and may be in
the memory cache.

More information:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/WinXPPro/support/tshtcrl.asp

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Didier Wenger" <bouba@infomaniak.ch> wrote in message
news:bivdr7$gke$1@rex.ip-plus.net...
> Hi There,
>
> I revoked several certificates on my Server 2003 Enterprise Root CA and
> forced a new publication of CRL from the MMC. I have an XP client that is
> downloading this CRL from my Active Directory (there's only 1 defined CDP
> which is LDAP based). I'd like to verify what CRL is in the cache of that
> XP client but I don't know how ?
>
> Is there some way to do it with Certutil ?
>
> Thank you in advance for your replies,
> Didier
>
>

