I am a bit confused here with the CRL distribution point in my certificates. I have my own CA which generates and signs all the certificates for my company's web server, mail, and RDP. For every certificate that is issued, the CRL distribution point is as follows:
CRL Distribution Point
Distribution Point Name:
When the certificate is used with Win Server 2008 RDP, I get the following error when I access my server via RDP, and cannot proceed from there:
"A revocation check could not be performed for this certificate"
However, when the certificate is used with Win Server 2003, I did not get that error and access is allowed. The CRL distribution is the same for all certificates and I can still access the server externally. I am wondering if it indeed checks for the revocation list here. How does the CRL actually work? Thanks.