Specify CRL Distribution Points
来源:互联网 发布:数据分析师考试含金量 编辑:程序博客网 时间:2024/05/22 10:31
Specify CRL Distribution Points
http://technet.microsoft.com/en-us/library/cc753296.aspx
Applies To: Windows Server 2008 R2, Windows Server 2012
You can add, remove, or modify certificate revocation list (CRL) distribution points in issued certificates by using the following procedure. However, modifying the URL for a CRL distribution point only affects newly issued certificates. Previously issued certificates will continue to reference the original location.
You must be a certification authority (CA) administrator to complete this procedure. For more information, seeImplement Role-Based Administration.
To specify CRL distribution points in issued certificates
Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties, and then click theExtensions tab. Confirm that Select extension is set toCRL Distribution Point (CDP).
Do one or more of the following. (The list of CRL distribution points is in theSpecify locations from which users can obtain a certificate revocation list (CRL) box.)
To add a new CRL distribution point
Click Add, type the name of the new CRL distribution point, and then clickOK.
To remove a CRL distribution point from the list
Click the CRL distribution point, click Remove,and then click OK.
To indicate that you want to use a URL as a CRL distribution point
Click the CRL distribution point, select the Include in the CDP extension of issued certificatescheck box, and then click OK.
To indicate that you do not want to use a URL as a CRL distribution point
Click the CRL distribution point, clear the Include in the CDP extension of issued certificatescheck box, and then click OK.
To indicate that you want to use a URL as a delta CRL distribution point
Click the CRL distribution point, select the Publish Delta CRLs to this locationcheck box, and then click OK.
To indicate that you do not want to use a URL as a delta CRL distribution point
Click the CRL distribution point, clear the Publish Delta CRLs to this locationcheck box, and then click OK.
To indicate that you want to publish this location in CRLs to point clients to a delta CRL
Click the CRL distribution point, select the Include in CRLs. Clients use this to find Delta CRL locationscheck box, and then click OK.
To indicate that you do not want to publish this location in CRLs to point clients to a delta CRL
Click the CRL distribution point, clear the Include in CRLs. Clients use this to find Delta CRL locationscheck box, and then click OK.
Click Yes to stop and restart Active Directory Certificate Services (AD CS).
CRL URLs can be HTTP, FTP, LDAP, or FILE addresses. You can use the following variables when specifying the address of the CRL.
CAName
The name of the CA
CAObjectClass
The object class identifier for a CA, used when publishing to an LDAP URL
CATruncatedName
The "sanitized" name of the CA, truncated to 32 characters with a hash at the end
CDPObjectClass
The object class identifier for CRL distribution points, used when publishing to an LDAP URL
CertificateName
The renewal extension of the CA
ConfigurationContainer
The location of the Configuration container in Active Directory Domain Services (AD DS)
CRLNameSuffix
Inserts a name suffix at the end of the file name when publishing a CRL to a file or URL location
DeltaCRLAllowed
When a delta CRL is published, this replaces the CRLNameSuffix variable with a separate suffix to distinguish the delta CRL from the CRL
ServerDNSName
The DNS name of the CA server
ServerShortName
The NetBIOS name of the CA server
Additional references
- Configuring Certificate Revocation
- Manage Certificate Revocation
- Specify CRL Distribution Points
- Re: What if the CRL distribution points for a CA change?
- CRL Distribution Point
- CRL
- How to fetch CRLs from distribution points
- Difference between "Distribute Content" and "Update Distribution Points"(SCCM)
- Distribution
- CRL证书
- nginx + crl
- Points
- points
- points
- IBM CRL面试经历
- Tomcat里配置CRL
- java解析CRL文件
- TOMCAT里配置CRL
- 加载初始化CRL原理
- java解析CRL文件
- zookeeper基础知识整理
- Twitter——针对MemCached与Redis的代理
- Windows 程序设计基础
- 编程时,应该注意的
- 安全审计与安全管理平台的区别与联系
- Specify CRL Distribution Points
- linux shell 之数组操作
- Ogre3D 1.8.1 Android移植
- js搞定网页的简繁转换
- X.509 Certificate Revocation Lists
- .Net 垃圾回收机制原理
- 语言目录
- 如何让Android编辑界面显示出来
- Eclipse 4.2.0 汉化全过程