Internal PKI, VPN & Remote Access

Hi all,

I'm considering an Internal CA to facilitate a more secure VPN Remote Access for a handful of users who mainly work away from the office. They will need access to Exchange email and possibly some shares on a file server.

Can I publish CRL and Delta CRL to a web server which is NOT domain joined and resides in a DMZ or even a standalone Azure VM?

If it's possible, any chance of some basic instructions or steps I would need to take to get the Issuing CA to talk to the web server?

Alternatively, is SSTP enough with a public trusted cert?

Or is there a better way altogether?

Thanks for your time, as always, it's appreciated.

David Johnson, CD, MVP (Owner) commented:
Create a capolicy.inf and store it in your c:\windows folder before you start. The CA must be able to write to the configured location and the URL must be specified.
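
The two settings the answer above refers to, a location the CA can write to and the URL clients will fetch, shown as an added example that is not part of the original thread or the answerer's own steps. It assumes the CA publishes to a local folder whose contents are then copied to the non-domain-joined web server; `pki.example.com` and `C:\CRLDrop` are placeholder names.

```powershell
# Added example: run in an elevated PowerShell session on the issuing CA.
# Assumed placeholder values, not from the thread: pki.example.com, C:\CRLDrop.
Import-Module ADCSAdministration

$httpBase = 'http://pki.example.com/crl'   # URL remote clients will fetch (placeholder)
$dropDir  = 'C:\CRLDrop'                   # local folder the CA service writes to (placeholder)
$crlName  = '<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl'  # tokens are expanded by the CA

New-Item -ItemType Directory -Path $dropDir -Force | Out-Null

# 1. Publication location: the CA writes the base CRL and the delta CRL here.
#    Nothing is stamped into certificates for this entry.
Add-CACrlDistributionPoint -Uri "$dropDir\$crlName" `
    -PublishToServer -PublishDeltaToServer -Force

# 2. Retrieval URL: written into the CDP and Freshest CRL extensions of
#    certificates issued from now on. Certificates issued earlier keep
#    whatever URLs they were issued with.
Add-CACrlDistributionPoint -Uri "$httpBase/$crlName" `
    -AddToCertificateCdp -AddToFreshestCrl -Force

# 3. The CA only picks up the new entries after a service restart.
Restart-Service -Name certsvc

# 4. Publish a fresh CRL and confirm the files landed in the drop folder.
certutil -crl
Get-CACrlDistributionPoint | Format-List *
Get-ChildItem -Path $dropDir -Filter *.crl

# 5. Assumption: the files in $dropDir are then copied to the web server's
#    /crl directory by a transfer mechanism of your choice, on a schedule
#    shorter than the delta CRL validity period.
```

Delta CRL file names end in `+`, which IIS rejects by default until double escaping is allowed in request filtering for that site. After issuing a test certificate, `certutil -verify -urlfetch <certificate file>` run from a client outside the network shows whether both URLs are retrievable.
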
Declaro (Author) commented:
Thanks for the info. Apologies for the time taken.

I did implement your answer in a lab and it worked; I have yet to roll it out.

I would award points but don't seem to be able to.

Thank you for taking the time to prepare an answer.

Declaro (Author) commented:
Thank you.

David Johnson, CD, MVP (Owner) commented:
Not a problem. BTW, you can publish your CRL/AIA/OCSPs publicly, as they don't have any secrets to give out.

Some good videos
Question has a verified solution.
