Solved

Windows Enterprise CA configuring CDP and AIA to download the Certs/CRLs automatically from third party

Posted on 2011-03-06
3
1,121 Views
Last Modified: 2012-05-11
Hello

We have a Windows 2008 Enterprise Root CA.
We've been downloading the certs and CRLs manually from our third party partner and importing them.

They now provide the certs and CRLs via LDAP and thus, the Certs and CRL retrieval can be automated and advised us to use Tumbleweed or CAPI to automate the process.

What do I need to do to make the Certs and CRL retrieval from third party work via LDAP?  Can this be done natively in Windows or do I need a special software/server?

Do I just add the CDP, AIA paths in:
certificate authority's extensions tab:
select "CRL Distribution Point (CDP)" > Add > 
Add the third party's LDAP path as LDAP://...

certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's LDAP path as LDAP://...

For the OCSP,
certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's OCSP site http://...?
0
Comment
Question by:Lindows
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Expert Comment

by:btan
ID: 35129805
understand that it can be done via capi codes, see this link
http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/0bdea687-7b5a-493b-b46a-87f8df5049a4

also Windows 2008 has built in support for ocsp checking for client applications running on that Windows 2008 server. Net framework provides the ability to validate certificates and certificate chains in more ways than one
see this http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/f2957b74-2438-41f0-a290-8196474f9ef2

overall, this link summarise all but look specifically at the revocation check and crypto api section.

http://technet.microsoft.com/en-us/library/cc700843.aspx
0
 

Author Comment

by:Lindows
ID: 35144881
This had an excellent info, thanks - http://technet.microsoft.com/en-us/library/cc700843.aspx

It makes more sense however, I'm new when it comes to this so I'm not sure how to go about actually implementing it.

What is tumbleweed and capi?  Do I need a third party software/client for tumbleweed and capi?





0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 35148235
actually tumbleweed is third party solution implementing cryptographic application interface (capi). capi is supported natively in windows and developer used it for crypto and public key infrastructure operations that include certificate domain. can try google 'tumbleweed and capi'
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VMWare 101 9 95
Configure maximum recipients in MS EXchange 2016 2 72
Patch KB4012598 (wannacry) won't install on 2k8 3 137
temp profile 5 19
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question