INSERTO
asked on
How can I use OCSP for Smart Card Logon Certificate Revocation under Windows 7?
Hello
I’ve setup a two-tier PKI in my Lab like described in http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx and on the book of Brian Komar. Additionally I’ve added the OCSP-Role to the Subordinated CA. Now my environment consists of:
1 DC W2K8 Ent
1 RootCA W2K8 Ent
1 SubCA W2K8 Ent
1 Client W7 Prof
I am able to logon with a smart card to my domain. When I try to revoke the certificate and then publish the CRL and afterward refresh the OCSP revocation status, I’m still able to logon to the Domain with smart card. What I find very interesting is when I export the public key of my logon certificate and then I run certutil –URL <certfile>.cer I receive the information that my certificate is revoked. The only way I was able to bring the certificate is revoked information is only when I flush the cache on the DC and on the client. I also tried to modify the Proxy Cache to 0 but the result is still the same
Has anybody been able to use OCSP for Smart Card Logon?
Any help is appreciated.
I’ve setup a two-tier PKI in my Lab like described in http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx and on the book of Brian Komar. Additionally I’ve added the OCSP-Role to the Subordinated CA. Now my environment consists of:
1 DC W2K8 Ent
1 RootCA W2K8 Ent
1 SubCA W2K8 Ent
1 Client W7 Prof
I am able to logon with a smart card to my domain. When I try to revoke the certificate and then publish the CRL and afterward refresh the OCSP revocation status, I’m still able to logon to the Domain with smart card. What I find very interesting is when I export the public key of my logon certificate and then I run certutil –URL <certfile>.cer I receive the information that my certificate is revoked. The only way I was able to bring the certificate is revoked information is only when I flush the cache on the DC and on the client. I also tried to modify the Proxy Cache to 0 but the result is still the same
Has anybody been able to use OCSP for Smart Card Logon?
Any help is appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER