Re: Exporting and Importing CRL's into AD from an offline enterprise r




I'm new to PKI, so bear with me, but I think you need to copy the *.CRL
files to the online machine:

copy /y %windir%\system32\certsrv\certenroll\*.crl <target location>


Once you've copied the CRL to the other machine, you must publish the CRL
into AD.

certutil -dspublish -f <CRL file name>

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
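The two steps above (copy the *.crl files over, then certutil -dspublish -f each one), written up as an added PowerShell example that is not from the original post. It assumes the copied CRLs sit in $StagingDir on removable media, that certutil -dump prints a NextUpdate line in the current locale, and that the account running it can write to the CDP container of the Configuration partition; it refuses to publish a CRL that is already past NextUpdate, since an expired CRL from an offline root breaks chain validation for every client that checks revocation.

```powershell
# Added example (not the original poster's script): publish staged CRLs from
# an offline CA into AD, skipping any CRL that has already expired.
param(
    # Assumption: where the *.crl files copied from the offline CA were placed.
    [string]$StagingDir = 'E:\crl-transfer'
)

function Get-CrlNextUpdate {
    param([string]$Path)
    # certutil -dump prints the CRL fields, including a line of the form
    #   NextUpdate: <date in the current locale>   (assumed output format)
    $dump = certutil -dump $Path 2>&1
    if ($LASTEXITCODE -ne 0) { throw "certutil could not parse $Path" }
    foreach ($line in $dump) {
        if ($line -match '^\s*NextUpdate:\s*(.+)$') {
            return [datetime]::Parse($Matches[1])
        }
    }
    throw "No NextUpdate field found in $Path"
}

$failed = @()
Get-ChildItem -Path $StagingDir -Filter '*.crl' | ForEach-Object {
    $next = Get-CrlNextUpdate -Path $_.FullName
    if ($next -lt (Get-Date)) {
        # Publishing an expired CRL does not help: clients that check
        # revocation will still reject the chain. Re-issue it on the offline
        # CA (certutil -CRL) and copy it over again.
        Write-Warning "$($_.Name) expired at $next; not publishing"
        $failed += $_.Name
        return
    }
    # -f overwrites the existing CRL object in the AD CDP container.
    certutil -dspublish -f $_.FullName
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil -dspublish failed for $($_.Name)"
        $failed += $_.Name
    } else {
        Write-Host "Published $($_.Name) (valid until $next)"
    }
}

if ($failed.Count -gt 0) {
    Write-Warning ("Not published: " + ($failed -join ', '))
    exit 1
}
```

Run it on a domain-joined machine with enterprise rights; a non-zero exit means at least one CRL was expired or rejected by AD and still needs attention.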