Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1163
  • Last Modified:

Windows Enterprise CA configuring CDP and AIA to download the Certs/CRLs automatically from third party

Hello

We have a Windows 2008 Enterprise Root CA.
We've been downloading the certs and CRLs manually from our third party partner and importing them.

They now provide the certs and CRLs via LDAP and thus, the Certs and CRL retrieval can be automated and advised us to use Tumbleweed or CAPI to automate the process.

What do I need to do to make the Certs and CRL retrieval from third party work via LDAP?  Can this be done natively in Windows or do I need a special software/server?

Do I just add the CDP, AIA paths in:
certificate authority's extensions tab:
select "CRL Distribution Point (CDP)" > Add > 
Add the third party's LDAP path as LDAP://...

certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's LDAP path as LDAP://...

For the OCSP,
certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's OCSP site http://...?
0
Lindows
Asked:
Lindows
  • 2
1 Solution
 
btanExec ConsultantCommented:
understand that it can be done via capi codes, see this link
http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/0bdea687-7b5a-493b-b46a-87f8df5049a4

also Windows 2008 has built in support for ocsp checking for client applications running on that Windows 2008 server. Net framework provides the ability to validate certificates and certificate chains in more ways than one
see this http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/f2957b74-2438-41f0-a290-8196474f9ef2

overall, this link summarise all but look specifically at the revocation check and crypto api section.

http://technet.microsoft.com/en-us/library/cc700843.aspx
0
 
LindowsAuthor Commented:
This had an excellent info, thanks - http://technet.microsoft.com/en-us/library/cc700843.aspx

It makes more sense however, I'm new when it comes to this so I'm not sure how to go about actually implementing it.

What is tumbleweed and capi?  Do I need a third party software/client for tumbleweed and capi?





0
 
btanExec ConsultantCommented:
actually tumbleweed is third party solution implementing cryptographic application interface (capi). capi is supported natively in windows and developer used it for crypto and public key infrastructure operations that include certificate domain. can try google 'tumbleweed and capi'
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now