Revoked Certificates still valid for authentication
Posted on 2013-06-17
I have recently installed a new standalone root Microsoft Certificate Authority and a subordinate Enterprise CA into our Active Directory environment.
The Standalone Root is kept powered off and will remain so, and the Sub is issuing day to day certificates.
The problem I am seeing is that I have issued a certificate to myself using the default 'User' template and then transferred that to my iPhone to use for authentication with Microsoft Exchange.
It works! I get the email even when my password has been changed.
My problem comes when I try to revoke a certificate on the Sub CA.
When viewing the Certificate on my Windows 7 Machine the certificate path still says 'This Certificate is OK.'
When I run certutil -f -urlfetch -verify MyCertificate.cer
The final result is
'Certificate is REVOKED'
Leaf certificate is REVOKED <Reason=6>
CertUtil: -verify command completed successfully.
So manually checking the status shows it has been revoked, but my iPhone is still fetching and sending email, and the certificate path on my Windows 7 machine still says 'OK'.
Is there anything I might have missed?