Re: CDP(CRL Distribution Point)

From: krish shenoy[MS] (kshenoy_at_online.microsoft.com)
Date: 06/25/03


Date: Tue, 24 Jun 2003 18:39:04 -0700


The CDPs are tried in order starting with the first one for 30 seconds and
the second for 15 seconds. Your best bet would be to put the fastest
accessible CDP first in the list.

-- 
This posting is provided "AS IS" with no warranties and confers no rights.
Use of any included samples is subject to the terms specified at
http://www.microsoft.com/info/copyright.htm
"Lydia" <popovici@atlas.arc.nasa.gov> wrote in message
news:03a801c33aa4$fa1eb5b0$a501280a@phx.gbl...
> Greeting,
>
> I'm currently looking to see if anyone had any problems
> with multiple CDPs that are listed in the certificates.
> We created certificates that will be used for smartcard
> logon purpose.  The smart card logon works, but only
> getting the crl from the first CDP.  If the first CDP, for
> instance a web server is down, Microsoft comes up with a
> message saying:  "Your credentials cannot be checked".  It
> never goes to get the crl file from the second CDP listed
> in the certificate.  I checked the logs to see if the CDP
> sites were hit.  Only the first one was hit.  I had
> recovered the user and reversed the CDP to make sure that
> both CDPs are workable.  In both cases the first CDP was
> always hit, regardless if it was an LDAP or an HTTP.
>
> Another question,
>
> Is there a specific format that Microsoft recommends for
> CDPs when listed in the certificates?  Our certificates
> come from a third party CA.  We used instructions from
> Microsoft white papers to enable smart card logon with
> third party CA.
>
> Thanks,
>
> Lydia
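
One way to act on the ordering advice in the reply is to measure each CDP before deciding its position in the certificate. This is an added example, not part of the original thread and not Microsoft code: it walks the CDP URLs in certificate order with the 30 s and 15 s timeouts quoted in the reply. The function names, the reuse of 15 s for positions after the second, and the HTTP-only default fetcher are assumptions.

```python
import sys
import time
import urllib.request

# Per-position timeouts in seconds, as stated in the reply (first CDP, second CDP).
POSITION_TIMEOUTS = (30, 15)

def http_fetch(url, timeout):
    """Default fetcher: HTTP(S) only. Pass your own fetch function for LDAP CDPs."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return len(resp.read())

def probe_cdps(urls, fetch=http_fetch, clock=time.monotonic):
    """Try every CDP in certificate order; record reachability and elapsed time."""
    results = []
    for pos, url in enumerate(urls):
        # Assumption: positions beyond the second reuse the last stated timeout.
        timeout = POSITION_TIMEOUTS[min(pos, len(POSITION_TIMEOUTS) - 1)]
        start = clock()
        try:
            fetch(url, timeout)
            ok = True
        except Exception:  # timeout, DNS failure, refused connection, unsupported scheme
            ok = False
        results.append({"url": url, "ok": ok, "timeout": timeout,
                        "elapsed": clock() - start})
    return results

def recommended_order(results):
    """Reachable CDPs first, fastest first; unreachable ones keep their order, last."""
    key = lambda r: (not r["ok"], r["elapsed"] if r["ok"] else 0)
    return [r["url"] for r in sorted(results, key=key)]

def wait_before_first_crl(results):
    """Seconds spent on failing CDPs before one answers in the current order."""
    waited = 0.0
    for r in results:
        if r["ok"]:
            return waited
        waited += r["elapsed"]
    return None  # no CDP answered at all

if __name__ == "__main__":
    # Usage: python probe_cdps.py <cdp-url-1> <cdp-url-2> ...
    found = probe_cdps(sys.argv[1:])
    for r in found:
        print(f'{r["url"]}: ok={r["ok"]} elapsed={r["elapsed"]:.1f}s (limit {r["timeout"]}s)')
    print("suggested order:", recommended_order(found))
```

Run it from a client on the same network segment as the smart card logon workstations, since reachability and latency of a CDP depend on where the fetch originates.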

