Re: CRL Checking for VPN

From: "Scott R" <srenegar@maydaysecurity.com>
Date: Wed, 19 Jun 2002 06:12:05 -0700


>-----Original Message-----
>If you are comfortable editing your registry here is how you can force the
>VPN server to check the CRL in the published CDP every time. The cached
>CRL is ignored.
>
>Key: HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley
>Value: StrongCRLCheck
>DataType: REG_DWORD
>Data: 1 - Fail if revoked
>      2 - Fail for any error
>
>
>
>--
>Michael Eisenhart
>Microsoft Support Professional
>Get Secure!! www.microsoft.com/security
>"Scott R" <srenegar@maydaysecurity.com> wrote in message
>news:10d0401c216f5$fbaea300$35ef2ecf@TKMSFTNGXA11...
>> Does anyone know how to enforce CRL checking with the
>> 2000 VPN solution?
>
>

Michael,
  Thanks for the help. Does this work the same way for
CRL checking for server to client IPSEC connections
through an IPSEC policy?

Thanks in advance...


