revoking ipsec certificate doesn't work
From: Franz Schenk (franz.schenkNOSPAM_at_fititNO-_SPAM.ch)
Date: 09/15/05
- Next message: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Previous message: phil.george999_at_gmail.com: "VBScript program loses network access"
- Next in thread: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Reply: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Sep 2005 16:01:41 +0200
imagine the following scenario:
- have a Windows 2003 SP1 VPN Server with standalone or enterprise
certification authority, allowing only L2TP/IPSec connections with
certificate based authentication.
- have an external company that has a computer with an installed computer
IPSec certificate from our CA for VPN access.
- The external company has knowledge of several user accounts/password that
have VPN dial in permissions to our VPN server.
- Need to disable VPN access for this external company as fast as possible.
But it's not possible to change all these user accounts/passwords.
Thought that this one is easy: Go to the certification authority, revoke the
certificate that was issued to the computer of the external company, then
manually publish the CRL and delta CRL.
Have tested this scenario, doesn't work at all. The computer from the
external company still has the IPSec certificate after several hours and
several reboots, and is able to connect to the VPN server.
Any advice, aolutions, suggestions?
Thank you all in advance for your help!
Franz
- Next message: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Previous message: phil.george999_at_gmail.com: "VBScript program loses network access"
- Next in thread: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Reply: Steven L Umbach: "Re: revoking ipsec certificate doesn't work"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
