|
Posted by Brian Komar on June 28, 2006, 8:30 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Is there a tool that will validate/fetch a CRL via a LDAP distribution point?
> A windows tool would be ideal. But I'll take anything.
>
> Thanks in advance
>
>
If you have a certificate with the mentioned LDAP distribution point,
the best command to use is
certutil -verify -urlfetch <certificate.cer>
The command will attempt to download all CRLs and CA certificates listed
in the AIA and CDP extensions. The command will do this for all
certificates in the chain up to a self-signed root certificate.
Another alternative is to use pkiview.msc from the WIndows Server 2003
Resource Kit tools. This tool provides a gui look to the CA hierarchy
and provides individual analysis of each AIA and CDP extension in the
cert chain.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-
4ae7-96ee-b18c4790cffd&displaylang=en
Brian
| 
XML site map