CRL in a certificate

I am a bit confused here with the CRL distribution point in my certificates.  I have my own CA which generates and signs all the certificates for my company's web server, mail, and RDP.  For every certificate that is issued, the CRL distribution point is as follows:

[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:

When the certificate is used with Win Server 2008 RDP, I get the following error when I access my server via RDP, and cannot proceed from there:
"A revocation check could not be performed for this certificate"

However, when the certificate is used with a Win Server 2003, I did not get that error and access is allowed.  The CRL distribution is the same for all certificates and I still can access to the server externally.  I am wondering if it indeed checks for the revocation list here.  How actually the CRL works?  Thanks.
Who is Participating?
hoggieeAuthor Commented:
Problem solved! The reason was because the client PC failed to get the CRL from the CA.  I changed CRL Distribution Point to something in the form "http://CAserver/CertEnroll/My-CA.crl, then managed to access to the remote server.
try I to add the CA cert to the clients "local computer" list of Trusted Root Authorities by going through mmc.exe, then File | Add Snap-in | Certificates | Local Computer and importing the CA certificate to the Trusted Root Authorities area.
hoggieeAuthor Commented:
Tried that but still to no avail.  Same error message and cannot proceed to access.
Leon FesterSenior Solutions ArchitectCommented:
Did you confirm that the certificate did get imported correctly.

I've had a similar issue and only got the certificate working correctly on Win2K8 when I ran the MMC as administrator and then imported the Cert.
hoggieeAuthor Commented:
Comments from other experts did not help to solve the problem.  Problem was solved with my own attempts.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.