certificate authority
From: deheinz1 (deheinz1.194x2a_at_mail.webservertalk.com)
Date: 07/08/04
- Next message: a_at_b.c: "IAS Athentication via ODBC"
- Previous message: Chris Eckl: "Re: IAS failing to start"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 8 Jul 2004 06:59:06 -0500
Needing help on this
Trying to configure the root certificate authority CRL list to be
placed on the subordinate so the root can be off line.
Have configured stand alone root authority on a Windows 2000 box with
the capolicy.inf pointing the CRLDistributionPoint to the the
subordinate(placed in the systemroot dir). I also have added the
subordinate server into the root policy CRL list.
The CRL seems shows up correct on the certificate.
capolicy.inf
[Version]
Signature="$Windows NT$"
[CRLDistributionPoint]
URL="http://testca.test.gettysburg.edu/gbc/gbc.crl"
[certsrv_server]
RenewalKeyLength=4096
RenewalValidityPeriod=2
RenewalValidityPeriodUnits=Years
On the subordinate created a virtual directory where the CRL will be
placed. I moved the root CRL distribution list to the virtual
directory. I then get a certificate for the subordinate. It seems to
have the proper path for the CRL but it does not seem to use the CRL
list.
The subordinate certificate seems to have the correct CRL path but when
CRL is expired the subordinate fails until the root comes back on line
and I retrieve the CRL list from the root.
Any suggestions?
Thanks,
Dave
-- deheinz1 ------------------------------------------------------------------------ Posted via http://www.webservertalk.com ------------------------------------------------------------------------ View this thread: http://www.webservertalk.com/message296112.html
- Next message: a_at_b.c: "IAS Athentication via ODBC"
- Previous message: Chris Eckl: "Re: IAS failing to start"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
