Re: CAn CRL and GPO
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 23 Feb 2006 19:54:06 -0600
You may want to consider an Enterprise CA for an AD domain as it has several
advantages and you could still use your stand alone root CA with the
Enterprise CA being a subordinate CA to it if your security needs dictate
such. According to the article below if your CA is a domain member installed
by a domain administrator it should publish the CRL to AD. If that is not
the case see the second link below on how to do it using dsstore for Windows
2000 and the last link to use certutil.exe -dspublish for Windows
03. --- Steve
http://technet2.microsoft.com/WindowsServer/en/Library/799053d3-2be3-4728-beff-71c82f69dc381033.mspx
http://support.microsoft.com/?kbid=271386
http://technet2.microsoft.com/WindowsServer/en/Library/073732b5-80f0-4cf0-bc8e-d8e055ce26491033.mspx
"fabrice" <emouchet@xxxxxxxx> wrote in message
news:%23CEz1MFOGHA.3284@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have just installed a stand-alone CA. For security, it is a stand alone
server. not integrated in my local domain.
Domain users use outlook (2000, XP, and 2003) as mailer software.
Is there a way to force Outlook to consult the CRL, published by ma
stand-alone CA.
Can I publish revocated certificates in my Active Directory or in share
directory ?
Can I use GPO ?
thanks for your help.
fabrice
.
- References:
- CAn CRL and GPO
- From: fabrice
- CAn CRL and GPO
- Prev by Date: Re: CTRL-ALT-DEL SCREEN VANISHES
- Next by Date: Re: Group Policy Restrict All Drives
- Previous by thread: CAn CRL and GPO
- Next by thread: Re: CAn CRL and GPO
- Index(es):
Relevant Pages
|
