hoggiee
asked on
CRL in a certificate
I am a bit confused here with the CRL distribution point in my certificates. I have my own CA which generates and signs all the certificates for my company's web server, mail, and RDP. For every certificate that is issued, the CRL distribution point is as follows:
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=file://CAserver/CertEn roll/My-CA .crl
When the certificate is used with Win Server 2008 RDP, I get the following error when I access my server via RDP, and cannot proceed from there:
"A revocation check could not be performed for this certificate"
However, when the certificate is used with a Win Server 2003, I did not get that error and access is allowed. The CRL distribution is the same for all certificates and I still can access to the server externally. I am wondering if it indeed checks for the revocation list here. How actually the CRL works? Thanks.
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=file://CAserver/CertEn
When the certificate is used with Win Server 2008 RDP, I get the following error when I access my server via RDP, and cannot proceed from there:
"A revocation check could not be performed for this certificate"
However, when the certificate is used with a Win Server 2003, I did not get that error and access is allowed. The CRL distribution is the same for all certificates and I still can access to the server externally. I am wondering if it indeed checks for the revocation list here. How actually the CRL works? Thanks.
try I to add the CA cert to the clients "local computer" list of Trusted Root Authorities by going through mmc.exe, then File | Add Snap-in | Certificates | Local Computer and importing the CA certificate to the Trusted Root Authorities area.
ASKER
Tried that but still to no avail. Same error message and cannot proceed to access.
Did you confirm that the certificate did get imported correctly.
I've had a similar issue and only got the certificate working correctly on Win2K8 when I ran the MMC as administrator and then imported the Cert.
I've had a similar issue and only got the certificate working correctly on Win2K8 when I ran the MMC as administrator and then imported the Cert.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Comments from other experts did not help to solve the problem. Problem was solved with my own attempts.