I'm in the process of creating a (IIS 8.5) web server which will require client authentication. Client authentication will be carried out using client certificates which will be issued by a third party CA.
I want to be able to do the following:
Is this possible?
You should make sure that the root certificate of the third party CA is installed on your server. This ensures you can authenticate the client certs on the server.
A pointer to a certificate's CRL for is stored in the certificates itself, IIS does not have a default CRL. You need to make sure that your server has access to the CRL Distribution Points as specified in the client certificate.
Other than that, you don't have configure anything in regards to CRLs on the server.
