Windows Security
  Home arrow Windows Security arrow Page 5 - Implementing a PKI, Part III: Managing Mic...
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Dedicated Servers 
Actuate Whitepapers 
Moblin 
JMSL Numerical Library 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WINDOWS SECURITY

Implementing a PKI, Part III: Managing Microsoft Certification Services
By: Eliana Stavrou
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 10
    2005-02-01

    Table of Contents:
  • Implementing a PKI, Part III: Managing Microsoft Certification Services
  • Certification Authority Management
  • Certificate Revocation List (CRL) publication
  • Configure Root CA Certificate Properties
  • Configure CRL’s Distribution Points
  • Configure AIA Distribution Points
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Ajax Application Generator Generate database and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!

    Implementing a PKI, Part III: Managing Microsoft Certification Services - Configure CRL’s Distribution Points
    (Page 5 of 6 )

    Follow the steps provided below to configure the distribution points for CRL:

    1. Remove all the CRL distribution locations, except the local CRL distribution point.

      DO NOT remove the local CRL distribution point location. The local distribution point is similar to the following path: C:\Windows\System32\CertSrv\CertEnroll\RootCA.crl. The CA uses the local CRL to validate all certificates that are generated before the certificates are issued to users. The local path is not included in the CRL distribution point extension of issued certificates.

    2. On the Extensions tab, in Select Extension, select CRL Distribution Point (CDP).

    3. In Specify Location from which users can obtain a CRL, select one by one the CRL distribution locations (except the local location), click Remove, and then click Yes.

      After you remove the locations, the remaining list of CRL distribution points will be similar to the following figure.

      Implementing a PKI -- CRL Properties

    4. Next, you have to specify the distribution locations (HTTP or LDAP) you are going to use for the CRL publication. It’s best to use an HTTP location when it’s critical not to have any latencies or when clients are not joined in an Active Directory; HTTP locations generally do not replicate and do not have latency issues, whereas an LDAP distribution point might be located in a distributed directory service, like Active Directory.

      Click Add, and in Location give the CRL distribution location, and then click OK. Repeat for each type of access protocol if you wish to support more than one protocol.

    5. Now you must configure some more properties about the CRL publishing. The properties must be set for every CRL distribution point path.
      • Select a path one-by-one.

      • For each path, and while on the Properties tab, select or clear the check box that is listed in the previous table, depending on the type of path, and then click Apply.

    Implementing a PKI - CRL Table

    Table: CRL Distribution Point Properties

    Next: Configure AIA Distribution Points >>
     

    More Windows Security Articles
    More By Eliana Stavrou


     
    >>> Be the FIRST to comment on this article!

    WINDOWS SECURITY ARTICLES

    - Advanced Data Protection in Windows
    - Basic Data Protection in Windows
    - Windows XP Security
    - Lucky You, Microsoft has Sent You an Email! ...
    - Implementing a PKI, Part III: Managing Micro...
    - Windows 2000 Security
    - A Security Roadmap
    - Implementing a Public Key Infrastructure (PK...
    - Hardening Communications
    - Windows Host Security: Network Security Hacks
    - Hardening Wireless LAN Connections, Part 2
    - Hardening Wireless LAN Connections Part 1
    - Windows Reverse Engineering
    - Microsoft's Latest Security Updates -- The G...
    - Cross Site Scripting (XSS): An Overview
    Find More Windows Security Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway