A Certificate Revocation List (CRL) is a blacklist of the serial numbers of revoked or compromised certificates. As a serial number has no direct relationship to a certificate and can be fabricated in a compromised CA, it is considered a weak blacklist.
Questions tagged [crl]
72 questions
1 vote, 1 answer
How to maintain revocation list for client certificates
I have a website running in Windows Server 2012, IIS.
Users are authenticated using client certificates.
I used to issue client certificates using Certificate Authority MMC snap-in.
Since the number of users is growing rapidly, I am now creating…

H. den Breejen
1 vote, 1 answer
How do I manually publish a CRL for a certificate?
I have set up a new server and installed Remote Access and Certificate Authority services so I can configure it as a VPN. I have created my own certificate through http://localhost/certsvr, and have imported it into the Trusted Certificate Store.
My VPN…

David Anderson
1 vote, 1 answer
Windows Server 2003: Taking Root and Intermediate CAs offline causes failure in Enterprise CA
I installed 3 CAs in a lab environment:
SA Root CA
SA Intermediate CA
Enterprise CA (also DC)
The instructor recommends taking Root and Intermediate CAs offline once the Enterprise CA has been issued its certificate.
I took Root and Intermediate…

Dean
1 vote, 1 answer
How to publish a CRL for an internal Windows certification authority?
I have an Active Directory domain with an Enterprise Root Certification Authority in it; the domain uses a private domain name ("domain.local"), and we also have a public domain name ("domain.com"). The domain contains the following…

Massimo
1 vote, 1 answer
How can we clear CRL cache in Windows Server 2008 using certutil command?
I know we can clear the CRL Cache in Windows Server 2008 using the certification authority UI. However, I want to automate the process and am therefore looking for a way to do it from the command line. Is it possible using certutil or any other default…

Andy Brikshaw
1 vote, 1 answer
Considerations for certificate revocation for intermittently isolated ad-hoc networks
I'm trying to decide on a certificate revocation strategy for a solution I'm designing (that will utilize Dogtag PKI, per customer request). The obvious choices seem to be using a CRL or using OCSP. I'm trying to understand the practical…

G__
1 vote, 1 answer
What should be the CRL publishing period for corporate environments?
I am trying to suggest a CRL publishing period for a Microsoft CA; the user certificates are going to be used for digital signature. There can be cases that a user certificate may be revoked.
Normally what is the period to define, so that I can…

abmv
1 vote, 0 answers
Need help figuring out why I can log on to Windows with a revoked smartcard certificate
I am adding smart card login to our domain and have got almost everything working properly except that when I revoke the certificate on our Enterprise CA I can still log into computers.
I have checked that I can download the CRL using the link in…

Andy Haer
1 vote, 2 answers
What is the best practice to handle expiring S/MIME mail certificates
Where can I find info regarding the proper way to handle expiring mail certificates?
Here's the problem: our certificates for digitally signing mails expire after a year. If, a week before expiry, I revoke a certificate and create a new one,…

Jürgen Depicker
1 vote, 2 answers
How to Delete CRL Files in Local Cert Store
I need to import CRL files to a Bastion server that is not part of my environment's domain. The CRL files are updated every few days so a new copy needs to be imported to the local cert store on the Bastion frequently.
I noticed when I do a fresh…

jrd1989
1 vote, 0 answers
Revoked certificate not getting into Microsoft CA CRL
I have a CA and an Active Directory + ADFS instances set up on a Windows Server 2016 machine. I issued a client certificate for one of the users (for smart card logon) and then revoked it. However, I'm still able to log in via the revoked…

Max
1 vote, 1 answer
CRL distribution point with multiple names
I'd like to create a certificate with a CRL distribution point, which contains multiple URLs (pointing to the same CRL, according to RFC 5280):
When OpenSSL parses such a certificate, it shows something like this:
X509v3 CRL Distribution…

Laney
1 vote, 1 answer
OpenSSL invalid revocation date / update CRL?
I have an index.txt file where I changed the value of a certificate - whose certificate file I do not have - from V to R to revoke it.
The index.txt looks as follows exemplarily:
V 220303095424Z 123456 unknown /bla
R 220303104529Z …

Ferit
0 votes, 0 answers
How to delay CRL Renewal
I have a 3 Tier PKI and I have issued 90,000+ certificates. Within 2 days Root and Policy CA CRL is getting expired and I can't renew the Root and Policy CA CRL before 2 months, so what is the best approach to handle this situation? Also, what will…
Manish
0 votes, 0 answers
openssl ca -gencrl is not working at all
Out of the blue, all clients cannot connect because the crl has expired. I am unable to generate a new crl. I currently have OpenVPN configured to ignore it for the time being because clients must be able to connect. Unfortunately, until this gets…

ts90