.NET
ASP
ASP Code
ASP.NET
ASP.NET Code
BrainDump
C#
Code Examples
Database
Database Code
IIS
Microsoft Access
MS SQL Server
Visual Basic.NET
Windows Scripting
Windows Security
XML

ASP Web Hosting
ASP.NET Web Hosting
Dedicated Servers
Actuate Whitepapers
VeriSign Whitepapers
Windows Web Hosting

IBM® developerWorks
Sun Developer Network
Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

WINDOWS SECURITY

RSS

Implementing a PKI, Part III: Managing Microsoft Certification Services

By: Eliana Stavrou	Search For More Articles! Disclaimer Author Terms
Rating: / 10
2005-02-01

Table of Contents:

Implementing a PKI, Part III: Managing Microsoft Certification Services

Certification Authority Management

Certificate Revocation List (CRL) publication

Configure Root CA Certificate Properties

Configure CRL’s Distribution Points

Configure AIA Distribution Points

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

ADVERTISEMENT

Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

Implementing a PKI, Part III: Managing Microsoft Certification Services - Configure Root CA Certificate Properties

(Page 4 of 6 )

You may need to modify some properties on the digital certificate for smooth operation of the certification services.

To access the digital certificate’s properties, right-click on the local Root CA and go to <Properties> from the CA’s console.

Policy Module

Under the Policy Module -> Request Handling you could set the action required when a certificate request is received.

There are two options when a certificate request is received:

Set the certificate request status to pending. The administrator must explicitly issue the certificate.
Follow the settings in the certificate template, if applicable. Otherwise automatically issue the certificate.

I recommend that you select the first option.

CRL & AIA Distribution points

Click on the Extensions tab that provides information about the CRL Distribution Points and the Authority Information Access (AIA).

Depending on your implementation, you may need to change the distribution points for the CRL and the AIA included on every issued certificate. I covered CRL in a previous section so I will just explain what AIA is.

The AIA distribution location allows the client program to obtain a current copy of the CA’s current certificate. CA certificates are required when a certificate chain is built. Chain building is performed as part of the certificate verification process.

Next: Configure CRL’s Distribution Points >>

More Windows Security Articles
More By Eliana Stavrou

Comments On: Implementing a PKI, Part III: Managing Microsoft Certification Services

>>> Be the FIRST to comment on this article!

WINDOWS SECURITY ARTICLES

- Advanced Data Protection in Windows
- Basic Data Protection in Windows
- Windows XP Security
- Lucky You, Microsoft has Sent You an Email! ...
- Implementing a PKI, Part III: Managing Micro...
- Windows 2000 Security
- A Security Roadmap
- Implementing a Public Key Infrastructure (PK...
- Hardening Communications
- Windows Host Security: Network Security Hacks
- Hardening Wireless LAN Connections, Part 2
- Hardening Wireless LAN Connections Part 1
- Windows Reverse Engineering
- Microsoft's Latest Security Updates -- The G...
- Cross Site Scripting (XSS): An Overview
Find More Windows Security Articles