2

Windows XP | IE 7

Hi guys,

From time to time, I'm seeing the following error come up:

Revocation information for the security certificate for this site is not available. Do you want to proceed?

However when I manually try retrieving the CRL file in IE, it works fine.

Questions:

  • How often does Windows request a CRL for a respective CA?
  • When does this happen?
  • Where is the CRL data cached?

-M

Mike B
  • 11,871
  • 42
  • 107
  • 168

1 Answers1

0

Did you check to see if the certificate references an OCSP source also? Most browsers do not auto-import CRLs, but they may make an OCSP request.

You can view this by looking at the Authority Information Access (AIA) portion of an x509 certificate

E.g.

Not Critical CA Issuers: URI: http://URL.here.com/CAIssuer OCSP: URI: http://OCSP.here.com

You can read over the pertinent RFC at http://www.ietf.org/rfc/rfc5280.txt

Brennan
  • 1,398
  • 6
  • 18