
I'm clueless about how CRL/OCSP works. We have a local enterprise CA, and the CRL publication interval was set to 8 days. From what we were told, when a certificate is revoked, it does not immediately apply / update on the users' Windows & Linux machines.

So, the following questions, if anyone can assist:

  1. How do we set this up so that the CRL updates automatically on the user machine once a certificate has been revoked?

  2. Can we use GPO to update the CRL?

  3. Where is the CRL cached on the client machine?

  4. Can we set up OCSP on the same enterprise CA server?

Thank you very much.

boxi
  • This is a very big topic. Start from here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee619754(v=ws.10)?redirectedfrom=MSDN. Maybe it will help to narrow down your questions. – kab00m Aug 10 '23 at 12:53
  • Yeah, I do understand that, but the link you shared doesn't really tell you whether the effect shows immediately on a user machine after a certificate is revoked via CRL. I do know it is cached, which is why there are commands to manually delete it, but my question is more about automation, via GPO or any other way if there is one. – boxi Aug 13 '23 at 05:46

0 Answers