CRL in a certificate

I am a bit confused here with the CRL distribution point in my certificates.  I have my own CA which generates and signs all the certificates for my company's web server, mail, and RDP.  For every certificate that is issued, the CRL distribution point is as follows:

[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=file://CAserver/CertEnroll/My-CA.crl


When the certificate is used with Win Server 2008 RDP, I get the following error when I access my server via RDP, and cannot proceed from there:
"A revocation check could not be performed for this certificate"

However, when the certificate is used with a Win Server 2003, I did not get that error and access is allowed.  The CRL distribution is the same for all certificates and I still can access to the server externally.  I am wondering if it indeed checks for the revocation list here.  How actually the CRL works?  Thanks.
hoggieeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

collins23Commented:
try I to add the CA cert to the clients "local computer" list of Trusted Root Authorities by going through mmc.exe, then File | Add Snap-in | Certificates | Local Computer and importing the CA certificate to the Trusted Root Authorities area.
0
hoggieeAuthor Commented:
Tried that but still to no avail.  Same error message and cannot proceed to access.
0
Leon FesterSenior Solutions ArchitectCommented:
Did you confirm that the certificate did get imported correctly.

I've had a similar issue and only got the certificate working correctly on Win2K8 when I ran the MMC as administrator and then imported the Cert.
0
hoggieeAuthor Commented:
Problem solved! The reason was because the client PC failed to get the CRL from the CA.  I changed CRL Distribution Point to something in the form "http://CAserver/CertEnroll/My-CA.crl, then managed to access to the remote server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hoggieeAuthor Commented:
Comments from other experts did not help to solve the problem.  Problem was solved with my own attempts.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.