3rd party CA's CRL cache in domain controller?

Posted by Tero on October 30, 2007, 10:01 am
Hi,

We are using a 3rd party CA in our environment and are using the certificates
e.g. in smart card logon.
We sometimes have a situation where the connection to the LDAP of the CA where the
CRL is distributed is broken. The validity time of the CRL is 1 hour. Because of
this problem we are planning to increase the validity time of the CRL.
The question is: how long does the domain controller (Win 2003 Server)
keep the CRL in cache, and where is the cache located?

Thank you,
Tero

Posted by Jan Liikamaa on October 30, 2007, 10:08 am
It keeps the CRL in the cache until the NextUpdate value defined in the CRL.
CRL files are cached among the temporary internet files. Run
"certutil -urlcache CRL" to see your cached CRLs.

"Tero" wrote:

> Hi,
>
> We are using a 3rd party CA in our environment and are using the certificates
> e.g. in smart card logon.
> We sometimes have a situation where the connection to the LDAP of the CA where the
> CRL is distributed is broken. The validity time of the CRL is 1 hour. Because of
> this problem we are planning to increase the validity time of the CRL.
> The question is: how long does the domain controller (Win 2003 Server)
> keep the CRL in cache, and where is the cache located?
>
> Thank you,
> Tero

Posted by Jan Liikamaa on October 30, 2007, 10:19 am
Run "certutil -v -urlcache CRL" to get more verbose information about
the location.

"Tero" wrote:

> Hi,
>
> We are using a 3rd party CA in our environment and are using the certificates
> e.g. in smart card logon.
> We sometimes have a situation where the connection to the LDAP of the CA where the
> CRL is distributed is broken. The validity time of the CRL is 1 hour. Because of
> this problem we are planning to increase the validity time of the CRL.
> The question is: how long does the domain controller (Win 2003 Server)
> keep the CRL in cache, and where is the cache located?
>
> Thank you,
> Tero
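
A small model of the caching rule given in the answers above (the CRL is kept until its NextUpdate), added here as an illustration and not code from the thread's participants. It replays revocation checks across a distribution point outage for several CRL validity periods; the hourly publication schedule, the outage window, the check interval and all function names are constructed assumptions.

```python
from datetime import datetime, timedelta

def newest_crl(t, epoch, publish_every, validity):
    """(ThisUpdate, NextUpdate) of the newest CRL the CA has published by time t."""
    this_update = epoch + ((t - epoch) // publish_every) * publish_every
    return this_update, this_update + validity

def replay(checks, epoch, publish_every, validity, outage):
    """Replay revocation checks against a cache that keeps a CRL until NextUpdate.

    Returns (failed_checks, max_age): how many checks found the cached CRL
    expired while the distribution point was unreachable, and the greatest
    age (time since ThisUpdate) of CRL data a successful check relied on.
    """
    cached, failed, max_age = None, 0, timedelta(0)
    for t in checks:
        if cached is None or t >= cached[1]:      # nothing cached, or past NextUpdate
            if outage[0] <= t < outage[1]:        # distribution point unreachable
                failed += 1
                continue
            cached = newest_crl(t, epoch, publish_every, validity)
        max_age = max(max_age, t - cached[0])     # revocations after ThisUpdate are unseen
    return failed, max_age

# Constructed scenario (not from the thread): the CA publishes hourly from 08:00,
# one check (for example a smart card logon) every 10 minutes until 14:00,
# and the LDAP distribution point is unreachable from 10:30 to 12:30.
EPOCH = datetime(2007, 10, 30, 8, 0)
CHECKS = [EPOCH + timedelta(minutes=m) for m in range(0, 361, 10)]
OUTAGE = (EPOCH + timedelta(hours=2, minutes=30), EPOCH + timedelta(hours=4, minutes=30))

def run(validity_hours):
    """Run the scenario with the given CRL validity period in hours."""
    return replay(CHECKS, EPOCH, timedelta(hours=1),
                  timedelta(hours=validity_hours), OUTAGE)

if __name__ == "__main__":
    for hours in (1, 4, 8):
        failed, max_age = run(hours)
        print(f"validity {hours}h: {failed} failed checks, oldest CRL data used {max_age}")
```

In this model a longer validity period reduces the checks that fail during the outage, but the cache also answers from older revocation data, because nothing is refetched before NextUpdate.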
