Solved

Windows Enterprise CA configuring CDP and AIA to download the Certs/CRLs automatically from third party

Posted on 2011-03-06
Last Modified: 2012-05-11
Hello

We have a Windows 2008 Enterprise Root CA.
We've been downloading the certs and CRLs manually from our third party partner and importing them.

They now provide the certs and CRLs via LDAP, so the cert and CRL retrieval can be automated, and they advised us to use Tumbleweed or CAPI to automate the process.

What do I need to do to make the Certs and CRL retrieval from third party work via LDAP?  Can this be done natively in Windows or do I need a special software/server?

Do I just add the CDP, AIA paths in:
certificate authority's extensions tab:
select "CRL Distribution Point (CDP)" > Add > 
Add the third party's LDAP path as LDAP://...

certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's LDAP path as LDAP://...

For the OCSP,
certificate authority's extensions tab:
Select "Authority Information Access (AIA)" > Add >
Add the third party's OCSP site http://...?
Question by:Lindows

Expert Comment

by:btan
ID: 35129805
I understand that it can be done via CAPI code; see this link:
http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/0bdea687-7b5a-493b-b46a-87f8df5049a4

Also, Windows 2008 has built-in support for OCSP checking for client applications running on that Windows 2008 server. The .NET Framework provides the ability to validate certificates and certificate chains in more ways than one;
see this: http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/f2957b74-2438-41f0-a290-8196474f9ef2

Overall, this link summarises it all, but look specifically at the revocation check and crypto API section.

http://technet.microsoft.com/en-us/library/cc700843.aspx

Author Comment

by:Lindows
ID: 35144881
This had excellent info, thanks - http://technet.microsoft.com/en-us/library/cc700843.aspx

It makes more sense; however, I'm new when it comes to this, so I'm not sure how to go about actually implementing it.

What are Tumbleweed and CAPI? Do I need third-party software/a client for Tumbleweed and CAPI?

Accepted Solution

by:
btan earned 500 total points
ID: 35148235
Actually, Tumbleweed is a third-party solution implementing the cryptographic application interface (CAPI). CAPI is supported natively in Windows, and developers use it for crypto and public key infrastructure operations, which include the certificate domain. You can try googling 'tumbleweed and capi'.
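
To illustrate the native CAPI / .NET chain validation referred to in the answers above, here is an added PowerShell example (not code from the thread or its participants). It prints the CDP and AIA URLs carried inside a partner-issued certificate, then builds the chain with online revocation checking so that Windows fetches the CRL or OCSP response itself. The certificate path is a placeholder, and the example assumes the partner's CA certificates are already trusted on the machine.

```powershell
# Added example: show where a certificate points for revocation data, then let
# Windows (CryptoAPI via .NET X509Chain) retrieve it and report the result.
param(
    # Placeholder path (assumption): any certificate issued by the third-party CA.
    [string]$CertPath = 'C:\temp\partner-issued.cer'
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CertPath

# CDP and AIA are extensions written into the certificate by the CA that issued it.
# Clients read them to find the CRL (LDAP/HTTP), the issuer certificate and OCSP.
$wanted = @{
    '2.5.29.31'         = 'CRL Distribution Points (CDP)'
    '1.3.6.1.5.5.7.1.1' = 'Authority Information Access (AIA)'
}
foreach ($ext in $cert.Extensions) {
    if ($wanted.ContainsKey($ext.Oid.Value)) {
        "[{0}]" -f $wanted[$ext.Oid.Value]
        $ext.Format($true)          # decoded, multi-line view of the URLs
    }
}

# Online mode makes the chain engine download revocation data from those URLs.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode      = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag      = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

# With default verification flags, Build() returns $false if any certificate is
# revoked OR if its revocation status could not be obtained (fails closed).
$accepted = $chain.Build($cert)

foreach ($element in $chain.ChainElements) {
    $flags = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $flags) { $flags = 'NoError' }
    "{0} -> {1}" -f $element.Certificate.Subject, $flags
}

if ($accepted) {
    'Chain accepted: revocation data was retrieved and no certificate is revoked.'
} else {
    'Chain NOT accepted:'
    foreach ($status in $chain.ChainStatus) {
        "  {0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
    }
}
```

A `RevocationStatusUnknown` or `OfflineRevocation` status in the output means the machine could not reach the LDAP or HTTP location listed in the certificate.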

Question has a verified solution.
