Re: MS CA service and publish CRL and AIA
From: stefan hammar (stha_vilan_at_hotmail.com)
Date: 06/10/03
- Next message: Vincent Brown: "Re: Account Lockout"
- Previous message: Pedro Bisca: "Equals profiles"
- In reply to: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Next in thread: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Reply: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Jun 2003 04:53:06 -0700
Hi Vishal
We have a windows 2000 AD server with CA, not a
windows 2003 server.
IE hangs on windows xp sp1 specification:
RIS installation: Eng. Windows xp sp1 with swedish MUI
Added after the RIS installation: Office XP sp2 with
swedish MLP
Thanks,
Stefan Hammar
>-----Original Message-----
>You need to add a file share (pointing to the virtual
root directory on the
>servers) as a CDP and AIA extension and check the box
for publishing the CRL
>to the location (don't check the boxes for including
the link in issued
>certificate and CRL's). Add another http CDP and AIA
location while only
>checking the boxes to include the link in issued
certificate and CRL's).
>
>Can you provide us the repro steps for IE hang on XP SP1?
>
>Thanks,
>Vishal [MSFT]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights
>"stefan hammar" <stha_vilan@hotmail.com> wrote in message
>news:100101c32b6b$0d684c60$a501280a@phx.gbl...
>> Hi Vishal
>> 1. On the CAserver (internal server, not published by
ISA
>> to the Internet)
>> - Certification Authority
>> - Root CA and properties
>> - Policy module, configure, x509 extension
>> - Add CDP, Mail.skogforsk.se/sfca/sfrootca.crl
>> - Add AIA , mail.skogforsk.se/sfca/sfrootca.crt
>> - Restart CA
>> - Publish revoked certificates
>> 2. On the mail.skogforsk.se server (external server,
>> published by ISA server)
>> - An IIS virtual folder sfca
>> - NTFS security
>> Administrators and system, full control
>> Internet guest account, read and execute
>> CAserver$, modify
>> - IIS Virtual dir.
>> Read, write, dir. browsing, log
>> 3. On the ISA server
>> - Web publish mail.skogforsk.se/sfca
>>
>> The problem is that the sfca folder is not updated with
>> files from the CAserver CA-service.
>>
>> How can I verify that an external IE client with a
>> Skogforsk certificate can see the published CRL and
AIA?
>>
>> And generally, we have a BIG problem with Windows XP
sp1 IE
>> IE hangs the desktop! Sites with SSL, java and ActiveX
are
>> candidates ... w2k clients have no problems with the
same
>> sites!
>>
>> Thanks, from a sunny Sweden
>> Stefan
>>
>>
>>
>>
>>
>>
>> >-----Original Message-----
>> >I havn't looked at the KB article, could you please
>> explain what steps you
>> >did to publish the CRL and AIA files to the new
location?
>> >
>> >If revocation information is not available for a CA,
then
>> the certificate
>> >issued by that CA will not be trusted (if the
application
>> is checking the
>> >revocation status). I havn't heard of any case where
IE6
>> hangs.
>> >
>> >Thanks,
>> >Vishal [MSFT]
>> >
>> >--
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no rights
>> >"Stefan Hammar" <stha_vilan@hotmail.com> wrote in
message
>> >news:0fdf01c32a75$b9211880$a101280a@phx.gbl...
>> >> Hi experts
>> >> I'm trying to publish CRL and AIA to Internet.
>> >> Used MS KB318707 and 23161 to change the location
of the
>> >> CRL and AIA files. The new location is a new virtual
>> >> directory on another IIS server (Web published by
ISA
>> >> server to the Internet).
>> >> But
>> >> The problem is that the new location is not updated
with
>> >> CRL and AIA files?
>> >> - CA is restarted
>> >> - I have published the revocation list manually
>> >> - Windows 2000 server with sp3
>> >>
>> >> IS it true that if the revocation list is not
published
>> >> for a CA the IE 6 on windows XP sp1 will hang the
>> >> computer ...?
>> >>
>> >> I'm a technet plus user but many of my posting are
not
>> >> answered?
>> >>
>> >> Thanks Stefan
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>
- Next message: Vincent Brown: "Re: Account Lockout"
- Previous message: Pedro Bisca: "Equals profiles"
- In reply to: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Next in thread: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Reply: Vishal Agarwal[MSFT]: "Re: MS CA service and publish CRL and AIA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
