TLS not accepting CRL

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "MichaelW - Melb.Aus." <MichaelW - Melb.Aus.@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 21 Aug 2005 21:32:01 -0700

Maybe I have all of this wrong..
Network:
Windows2003 w/ Terminal Services
Windows 2000 w/ Certificate Services (legacy - due to be upgraded by not
slated for >months)
XP w/ TSClient 2.5+

I have the server and workstation communicating with each other when I use
TLS.
When I revoke teh certificate (and check that the certificate is revoked) -
the client still connects.

Does the TLS on the terminal server actually check the revocation of the
certificate? I have checked the local cert profile, and find the revocation
listed (with my revoked certificate) - but I can still connect.

Have I got this wrong? from what I see, the TLS is looking to see if the
SERVER's certificate is valid (and doesn't care less if mine - the client's -
is or not).

What I am trying to design is a way that I can roll out client connections
to many of our users "home" machines - without having to install software.

As a side point - I see from one of the threads, that tsweb doesn't seem to
support tls... any idea if that will ever change? Really nice way to publish
a terminalserver!

Thanks in advance.
.

Follow-Ups:
- Re: TLS not accepting CRL
  - From: Vera Noest [MVP]

Prev by Date: RE: How do I take control of the console...
Next by Date: Re: about user profile
Previous by thread: How do I take control of the console...
Next by thread: Re: TLS not accepting CRL
Index(es):
- Date
- Thread

Relevant Pages

Re: Please Help: Additional TSL Questions
... As long as your server is advertising the TLS ESMTP verbs, ... >>> The method for obtaining an SSL certificate is to go into IIS Manager ... >>> Default SMTP Virtual Server, Access Tab, then click on the Certificate ...
(microsoft.public.exchange.admin)
Re: TLS
... On the receive side, once you install the certificate, it is ... A client connecting to your server may use it but is not required. ... On the sending side, once you enable the "use TLS" setting, ... The procedure involves "installing" a certificate on the receiving side. ...
(microsoft.public.exchange.connectivity)
Re: Please Help: Additional TSL Questions
... It's TLS, not TSL, but that's a minor nit-pick. ... SMTP Virtual Server, Access Tab, then click on the Certificate button. ...
(microsoft.public.exchange.admin)
Re: TLS not accepting CRL
... Seems like TLS's purpose is server authentication and that you have ... MCSE, CCEA, Microsoft MVP - Terminal Server ... > Isn't the whole purpose of using TLS for client authentication? ... but I CAN revoke their certificate - meaning: ...
(microsoft.public.windows.terminal_services)
Re: TLS not accepting CRL
... I have not used TLS myself, but this article seems to describe what ... it is the certificate on the server which is checked, ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
(microsoft.public.windows.terminal_services)