Creating an HTTP Certificate Revocation List Distribution Point for Your Internal Certification Authority – Part 1

In this article I will walk you through the process of configuring a certification authority (CA) to publish its certificate revocation list (CRL) to a distribution point (CDP) that clients reach over HTTP. Part 1 covers the CA-side configuration; the web server that serves the files is covered in Part 2.

Prerequisites:

A Windows Server with the Active Directory Certificate Services (AD CS) role installed and configured.

Configure the CDP settings on the CA

  • In Server Manager, go to Tools and open Certification Authority. Right-click the CA name, click Properties, and on the Extensions tab (with CRL Distribution Point (CDP) selected as the extension) click Add.
  • In Location, type http://crl.<the domainname>/crld/, for example http://crl.yourdomainname.com/crld/
  • In Variable, click <CaName>, click Insert; click <CRLNameSuffix>, click Insert; click <DeltaCRLAllowed>, click Insert.
  • In Location, type .crl at the end of the Location string and then click OK.
  • Select "Include in CRLs. Clients use this to find Delta CRL locations" and "Include in the CDP extension of issued certificates", then click Apply.
  • Click No in the dialog box asking you to restart Active Directory Certificate Services; the service is restarted once, after the file location has been added as well.

Configure the file share:

  • Still on the Extensions tab, click Add.
  • In Location, enter the file server and share name. I am using a folder on the local CA server, so: C:\crldist
  • In Variable, click <CaName>, click Insert; click <CRLNameSuffix>, click Insert; click <DeltaCRLAllowed>, click Insert.
  • In Location, type .crl at the end of the Location string and then click OK.
  • Select Publish CRLs to this location and Publish Delta CRLs to this location, then click Apply. Click Yes in the dialog box asking you to restart the CA.

The folder must exist before the CA restarts, and the CA service (which runs as Local System) must be able to write to it; for a remote share this means granting the CA's computer account write permission on the share and the folder.

 

I have also deleted all the other CDP entries, as HTTP will be the only CDP my infrastructure uses. Keep in mind that certificates the CA has already issued still carry the old CDP URLs in their extension; if the CRL is no longer published to those locations, revocation checks on those certificates will fail once the clients' cached CRLs expire, so either keep publishing to the old locations until those certificates expire or reissue them.

Now you can close the CA console.
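The same CDP configuration, as an added example that is not part of the original post, done from an elevated PowerShell prompt on the CA instead of clicking through the console. The host crl.yourdomainname.com and the folder C:\crldist are the values used in this article; the test certificate path in the last (commented) line is an assumption.

```powershell
# Added example (not the post's own code): configure the CRL distribution
# points of the local AD CS CA from PowerShell. Run elevated on the CA server.
#
# certutil token mapping:  %3 = <CaName>, %8 = <CRLNameSuffix>, %9 = <DeltaCRLAllowed>
# Flag bits per entry (sum them):
#   1   Publish CRLs to this location
#   2   Include in the CDP extension of issued certificates
#   4   Include in CRLs. Clients use this to find Delta CRL locations
#   64  Publish Delta CRLs to this location
#
# Assumed values, replace for your environment:
$HttpCdp   = "6:http://crl.yourdomainname.com/crld/%3%8%9.crl"   # 2 + 4, what clients will use
$FileShare = "65:C:\crldist\%3%8%9.crl"                           # 1 + 64, where the CA writes the files

# The CA service (Local System) must be able to write here before it restarts.
New-Item -ItemType Directory -Path "C:\crldist" -Force | Out-Null

# Replace the whole CRLPublicationURLs list. This drops the default entries,
# exactly as the post does, so only HTTP remains in newly issued certificates.
# certutil uses a literal "\n" as the separator between multi-string entries
# (PowerShell double quotes pass "\n" through unchanged).
certutil -setreg CA\CRLPublicationURLs "$HttpCdp\n$FileShare"

# Read the value back, then restart the CA once so the change takes effect.
certutil -getreg CA\CRLPublicationURLs
Restart-Service certsvc

# Publish a fresh base and delta CRL and confirm they landed in C:\crldist.
certutil -CRL
Get-ChildItem "C:\crldist\*.crl"

# Optional check on a certificate issued AFTER the restart (path is an assumption):
# the CDP extension should now list only the HTTP URL.
# certutil -dump .\test-cert.cer | Select-String -Pattern "URL="
```

The value `6` for the HTTP entry corresponds to the two check boxes selected in the first step, and `65` to the two "Publish" check boxes selected for the file location. Only certificates issued after the restart carry the new CDP; the CRL files themselves have to be reachable at the HTTP URL, which is what Part 2 sets up.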

Next part:

Creating a HTTP Certificate Revocation List Distribution Point for Your Internal Certification Authority – Part 2

 
