Click here to get back home

Publish Offline Root CRL
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Publish Offline Root CRL ritchie1230 06-03-2008
Posted by ritchie1230 on June 3, 2008, 12:07 pm
Please log in for more thread options
 Hello,

I have a question that may same rather simple.

I have installed a standalone offline root ca coupled with an online
enterprise subordinate ca in a windows 2003 active directory domain.

I am approaching the interval where I have to publish the CRL from the
offline root ca.

My question is this, after I publish the CRL at the root ca and copy
the crl file and go to the subordinate CA.

Should I publish the CRL with the -f switch to publish it in active
directory, and overwrite the existing CRL or should I leave the -f
switch out?

for example: certutil -f -dspublish rootca.crl

Thank you,

ritchie

Posted by Carsten Kinder [MSFT] on June 4, 2008, 3:29 pm
Please log in for more thread options
 The -f switch is only required if the object in AD does not already exist.
In your case, you are just updating an existing object. Thus, the -f switch
is not required. After publishing the CRL into AD you can verify the
operation with certutil -viewstore

--
Carsten Kinder
Microsoft Services

This posting is provided "AS IS" with no warranties, and confers no rights.


Similar ThreadsPosted
Offline Root CA October 6, 2008, 2:56 pm
Offline Root CA and CDP/AIA paths August 29, 2005, 8:26 am
Offline Root CA CDP Expiring April 26, 2006, 2:46 am
Publishing offline root in AD and AIA and capolicy.inf July 12, 2005, 11:26 pm
Offline CA Root certificate invisble in AD March 21, 2007, 3:48 pm
PKI - Single Offline Root for Multiple Forest March 24, 2008, 9:02 pm
CRL Publish...GRRRRRRRR!!!! October 18, 2006, 6:42 pm
Re: CRL failing to publish to AD September 5, 2008, 6:08 pm
CA configuration to publish certs in AD October 2, 2006, 9:42 am
Publish the cross-certificates? July 25, 2008, 8:09 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap