Re: IIS 6 behavior on checking clients' certificates (again)

From: Brian Komar [MVP] (bkomar_at_nospam.identit.ca)
Date: 09/20/05


Date: Tue, 20 Sep 2005 11:51:56 -0500

In article <C2F7B1B2-FEA3-4192-83F4-C50605726FF9@microsoft.com>,
Vsevolod@discussions.microsoft.com says...
> "Brian Komar [MVP]" wrote:
> > >
> > Why would you even consider turning off CRL checking?!?!?!?!?
> >
> > You are taking the chance of using a revoked certificate! Fix your delta
> > CRL publication issue instead.
>
> I'm not taking the chance of using a revoked certificate because
> certificate status is checked online on the application level using OCSP.
> Thus our certificates have no CDP & AIA extensions.
>
>
> BR,
> Vsevolod.
>
>
If you are using OCSP, then the AIA extension would have the OCSP
server's URL. You still have a misconfigured PKI.
BTW, this is the first and only mention of OCSP in this thread.
Brian


