Re: IAS CRL Configuration

---

• From: wauger@xxxxxxxxx
• Date: 21 Jul 2006 13:00:07 -0700

---

All,
Essentially I am looking for how to review, control, initiate, verify
that the CRL is being used/retreived/loaded by IAS. How can I verify
this within IAS? The only help information provided within the snap-in
says that the CRL will be retreived when the previous one expires. How
do I check that? Or even verify that IAS already has a previous CRL?

Thanks,
-Paul


wauger@xxxxxxxxx wrote:

Greg,
Thank you very much. I assume that when you state "CA Snap-in" you are
referring to the snap-in on the Enterprise Subordinate CA that is
issueing the certs and the CRL's = correct?

-Thanks,
Paul


Greg Lindsay [MSFT] wrote:

Hi Paul,

Open the Certification Authority snap-in, and double-click (expand) the
certificate for which you want to configure expiration paramaters.
Right-click "Revoked Certificates" and select Properties from the dropdown.
You should be able to configure CRLs here.

I hope this helps!
--
Greg Lindsay [MSFT]
greg.lindsay@xxxxxxxxxxxxx

Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

<wauger@xxxxxxxxx> wrote in message
news:1153241450.019913.169890@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi All,
I am having a lot of trouble finding the mechanism to configure the
retrieval and expiration value for the certificate revokation list
(CRL) within Microsoft IAS 2003 server.

Is this done automatically using the value within the server cert
issued to IAS? Can I manually configure the CRL publishing location,
retrieval time/freqency and expiration?

Thanks for the help...

-Paul

.

---

• Follow-Ups:
  • Re: IAS CRL Configuration
    • From: Greg Lindsay [MSFT]

• References:
  • IAS CRL Configuration
    • From: wauger
  • Re: IAS CRL Configuration
    • From: Greg Lindsay [MSFT]
  • Re: IAS CRL Configuration
    • From: wauger

• Prev by Date: Re: IAS CRL Configuration
• Next by Date: Re: IAS server Max
• Previous by thread: Re: IAS CRL Configuration
• Next by thread: Re: IAS CRL Configuration
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: IAS + CRL Usage (PEAP/EAS etc) ... "IAS doesn't store the CRL, ... the metadata in a specific certificate can be modified to point ... we trust the CA - if I have a certificate signed ... (microsoft.public.windows.server.networking) Re: IAS CRL Configuration ... I was referring to the server that is running CA in my last response. ... troubleshooting certificate issues, but I'm not sure if it would contain the ... You're correct that the IAS server does not use a new CRL until the old one ... (microsoft.public.internet.radius) Re: CRL list ... If the certificate or any certificate from the same issuing CA was ... This cert will continue to verify, ... till the CRL expires. ... of the certs are valid. ... (microsoft.public.platformsdk.security) Re: forced CRL refresh/update with EAP-TLS ... IAS doesn't store the CRL, ... IAS uses certificate to identify and validate the user credentials. ... (microsoft.public.internet.radius) RE: RADIUS IAS CRL CHECK ... However, when the workstation is turned on, it can establish a ... It seems that the IAS ignores the CRL. ... certificates' in the DC, we do get an error of "The certificate is ... (microsoft.public.internet.radius)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)