Implementing a PKI, Part III: Managing Microsoft Certification Services
By: Eliana Stavrou
    2005-02-01

    Table of Contents:
  • Implementing a PKI, Part III: Managing Microsoft Certification Services
  • Certification Authority Management
  • Certificate Revocation List (CRL) publication
  • Configure Root CA Certificate Properties
  • Configure CRL’s Distribution Points
  • Configure AIA Distribution Points



    Implementing a PKI, Part III: Managing Microsoft Certification Services - Certificate Revocation List (CRL) publication


    (Page 3 of 6)

    As I stated earlier, when a certificate is revoked it is added to the CRL. Each certificate includes a CRL distribution point, which cannot be modified after the certificate is issued. Client programs that use digital certificates consult the CRL distribution point to determine the validity of the certificate. If a certificate’s serial number is included in the CRL, the client marks the certificate as invalid. As a result, you cannot use a revoked certificate for signing or encrypting messages. However, you can still use it for decryption.

    A CRL is automatically published after a specified period of time. You can set the CRL’s publication interval by right-clicking the Revoked Certificates folder, selecting Properties, and setting the publication interval in the CRL Publishing Parameters window. It is recommended that you set the publishing period between 90 and 180 days, because revocation of a certificate is usually a rare operation.

    As long as the client program has a valid CRL in its local cache, it will not attempt to retrieve another CRL from the CA that publishes it. However, if a CRL is absent or is not updated, the client program cannot use the certificate, because it cannot verify the certificate's status.

    In addition, you can use the CRL Publishing wizard to publish a CRL manually before the scheduled publication period. However, client programs that have a cached copy of a valid CRL will continue using it until it expires, even though a new CRL has been published. The client program will start using the new CRL only after the first one expires.

    If you need to put the new CRL into effect immediately, you must open Internet Explorer and select Internet Options -> Content tab -> Clear SSL State, in order to remove all client authentication certificates from the Secure Sockets Layer (SSL) cache.
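The caching behaviour described above can be modelled in a few lines. This is an added example, not code from the article or from Windows; it is a simplified model rather than the Windows implementation, and the names `Crl`, `CrlClient` and `demo`, the dates and the serial number are all constructed for illustration. It shows why a revocation published early stays invisible to a client until its cached CRL expires.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

@dataclass(frozen=True)
class Crl:
    this_update: datetime
    next_update: datetime          # the cached copy is trusted until this time
    revoked_serials: frozenset

    def is_current(self, now: datetime) -> bool:
        return self.this_update <= now < self.next_update

class CrlClient:
    """Hypothetical relying party with one issuer and one CRL distribution point."""

    def __init__(self, fetch: Callable[[], Optional[Crl]]):
        self._fetch = fetch        # stands in for a download from the distribution point
        self._cached: Optional[Crl] = None
        self.fetch_count = 0

    def check(self, serial: int, now: datetime) -> str:
        # A current cached CRL is used as-is; the distribution point is not contacted.
        if self._cached is None or not self._cached.is_current(now):
            self.fetch_count += 1
            fetched = self._fetch()
            if fetched is None or not fetched.is_current(now):
                return "unknown"   # no usable CRL, so status cannot be verified
            self._cached = fetched
        return "revoked" if serial in self._cached.revoked_serials else "good"

def demo() -> list:
    # All values below are constructed sample data.
    t0 = datetime(2005, 2, 1)
    published = {"crl": Crl(t0, t0 + timedelta(days=90), frozenset())}
    client = CrlClient(lambda: published["crl"])
    serial = 0x1A2B
    results = [client.check(serial, t0 + timedelta(days=1))]       # first fetch
    # Day 10: the CA revokes the certificate and publishes a new CRL manually.
    t10 = t0 + timedelta(days=10)
    published["crl"] = Crl(t10, t10 + timedelta(days=90), frozenset({serial}))
    results.append(client.check(serial, t0 + timedelta(days=11)))  # cached CRL still used
    results.append(client.check(serial, t0 + timedelta(days=91)))  # cache expired, refetch
    offline = CrlClient(lambda: None)                              # no CRL obtainable
    results.append(offline.check(serial, t0 + timedelta(days=1)))
    return results
```

With a 90-day interval, the model reports the revoked certificate as good from day 10 until the cached CRL expires on day 90, which is the exposure window to weigh when choosing the publication interval.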
