Re: Publish a CRL to another web site when using a Web Enrollment Prox
From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 04/20/05
- Next message: Galen: "Re: Security on Windows 2003 Server"
- Previous message: GTD: "Password filter not applied"
- In reply to: S. Pidgorny
: "Re: Publish a CRL to another web site when using a Web Enrollment Prox" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Apr 2005 16:44:36 -0500
In article <ucWoKUXRFHA.3144@tk2msftngp13.phx.gbl>, slavickp@yahoo.com
says...
> You can use Dfs to synchronise files between computers. Alternatively, you
> can point IIS virtual directory to a remote computer (where CRL is located).
>
> If using LDAP CDP in Active Directory, the information gets replicated in
> AD.
>
>
Another option is to create a script that transfers the CRL to the WEb
server. The script can use any transfer protocol and be run at regular
intervals to ensure publication
For example:
certutil -CRL
sleep 3
copy /y %windir%\system32\certsrv\certenroll\*.crt \\webserver\webshare
Run the batch file as a user that is assigned the Manage CA permissions.
Be sure to change the perms on cmd.exe to allow the BATCH account Read
and Read&Execute permissions
Brian
-- == Brian Komar MVP - Windows - Security http://www.identit.ca/blogs/brian
- Next message: Galen: "Re: Security on Windows 2003 Server"
- Previous message: GTD: "Password filter not applied"
- In reply to: S. Pidgorny
: "Re: Publish a CRL to another web site when using a Web Enrollment Prox" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
