D
DZ
Hello all,
I've setup a CA in my domain with an offline root (W2K
Advanced server) and and online subordinate CA (W2K
server) for issuing Email and VPN certs. I've created a
CRL path in the certs that points back to a URL that is
accessible to the outside world. This so when someone
recieves an email from my domain the cert should go back
and check to see if it's valid.
The problem appears to be that no matter what I do or
try, the certificate does not actually go and check the
URL, and thus the CRL, to see if it's been revoked or
not. This creates a problem in the event I revoke a cert -
the receiving end will still see a valid cert if it
isn't checked. How do you get the CRL to work properly?
All ideas are welcome before I pull what's left of my
hair out...
I've setup a CA in my domain with an offline root (W2K
Advanced server) and and online subordinate CA (W2K
server) for issuing Email and VPN certs. I've created a
CRL path in the certs that points back to a URL that is
accessible to the outside world. This so when someone
recieves an email from my domain the cert should go back
and check to see if it's valid.
The problem appears to be that no matter what I do or
try, the certificate does not actually go and check the
URL, and thus the CRL, to see if it's been revoked or
not. This creates a problem in the event I revoke a cert -
the receiving end will still see a valid cert if it
isn't checked. How do you get the CRL to work properly?
All ideas are welcome before I pull what's left of my
hair out...