Implementing a PKI, Part III: Managing Microsoft Certification Services
By: Eliana Stavrou
    2005-02-01

    Table of Contents:
  • Implementing a PKI, Part III: Managing Microsoft Certification Services
  • Certification Authority Management
  • Certificate Revocation List (CRL) publication
  • Configure Root CA Certificate Properties
  • Configure CRL’s Distribution Points
  • Configure AIA Distribution Points


    Implementing a PKI, Part III: Managing Microsoft Certification Services - Certificate Revocation List (CRL) publication


    (Page 3 of 6)

    As I stated earlier, when a certificate is cancelled, it is added to the CRL. Each certificate includes a CRL distribution point, which cannot be modified after the certificate is issued. Client programs that use digital certificates rely on the CRL distribution point to determine the validity of a certificate. If a certificate’s serial number is included in the CRL, the client marks the certificate as invalid. As a result, you cannot use a revoked certificate for signing or encrypting messages. However, you can still use it for decryption.

    A CRL is published automatically after a specified period of time. You can set the CRL’s publication interval by right-clicking the Revoked Certificates folder, selecting Properties, and setting the interval in the CRL Publishing Parameters window. It is recommended that you set the publishing period between 90 and 180 days, because revocation of a certificate is usually a rare operation.

    As long as the client program has a valid CRL in its local cache, it will not attempt to retrieve another CRL from the CA that publishes it. However, if a CRL is absent or has not been updated, the client program cannot use the certificate, because it cannot verify the certificate's status.

    In addition, you can use the CRL Publishing wizard to publish a CRL manually before the scheduled publication time. However, client programs that hold a cached copy of a valid CRL will continue to use it until it expires, even though a new CRL has been published. The client program will start using the new CRL only after the first one has expired.

    If you need to put the new CRL into effect immediately, you must open Internet Explorer and select Internet Options -> Content tab -> Clear SSL State, in order to remove all client authentication certificates from the Secure Sockets Layer (SSL) cache.
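
The caching behaviour described in the last three paragraphs, as a simplified model. This is an added example, not code from the article or from Microsoft Certificate Services; `Crl`, `CrlClient`, the serial number and the dates are constructed for illustration, and the 90-day interval is the lower bound of the recommendation above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Crl:
    """Constructed stand-in for a published CRL (not parsed from real DER)."""
    this_update: datetime
    next_update: datetime          # end of the publication interval
    revoked_serials: frozenset

class CrlClient:
    """Hypothetical client that models the cache behaviour in the article."""
    def __init__(self, fetch):
        self._fetch = fetch        # callable returning the CA's current CRL, or None
        self._cached = None

    def clear_cache(self):
        self._cached = None

    def status(self, serial, now):
        crl = self._cached
        if crl is None or now >= crl.next_update:
            # Cache empty or expired: only now does the client go to the CA.
            crl = self._fetch()
            if crl is None or now >= crl.next_update:
                return "unknown"   # no valid CRL, so status cannot be verified
            self._cached = crl
        return "revoked" if serial in crl.revoked_serials else "good"

def demo():
    t0 = datetime(2005, 2, 1)
    interval = timedelta(days=90)
    published = {"crl": Crl(t0, t0 + interval, frozenset())}
    client = CrlClient(lambda: published["crl"])
    results = [client.status(0x1A2B, t0)]                  # caches the first CRL
    # Day 10: serial 0x1A2B is revoked and a new CRL is published manually.
    t1 = t0 + timedelta(days=10)
    published["crl"] = Crl(t1, t1 + interval, frozenset({0x1A2B}))
    results.append(client.status(0x1A2B, t1))              # cached CRL still valid
    results.append(client.status(0x1A2B, t0 + interval))   # cache expired, refetch
    client.clear_cache()
    published["crl"] = None                                # distribution point unreachable
    results.append(client.status(0x1A2B, t0 + interval))
    return results

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `['good', 'good', 'revoked', 'unknown']`: the revocation published on day 10 is not seen by this client until its cached CRL expires on day 90, which is the exposure window a long publication interval creates.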

    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway