Posted by Paul Bergson on July 7, 2005, 7:43 am
I guess I forgot to include all info. We are publishing internally and
externally (External is aliased). I'm looking to change to external (DMZ)
only and change the certs to point to this and hopefully get the ECA to push
directly to the external web site.
For now we are running a scheduled task to push externally. It is a CYA
site since we set the PKI years ago and at the time we didn't need the
external certs but now that we have started to use them externally our
clients needed access to the CDP.
--
Thanks
Paul Bergson
> microsoft.public.windows.server.security news group, Paul Bergson
>
>> Unclear as to how the CRL gets updated at the CDP? Is this something we
>> have to manually do? From everything I have read it is a manual process.
>>
>> Do sites script the CDP update process if it is manual?
>>
>
> This depends on what you're using for hosting your CDP. If you're using
> Active Directory and your CAs are Enterprise CAs they will be published
> automatically. If you're using HTTP and you're using the CAs themselves
> as the web servers hosting the CDPs as long as you configure the CDP
> location to point to the folder where the CRLs are published to the
> file system (WINDOWS\system32\CertSrv\CertEnroll by default) the
> publication is automatic.
> For most other locations, and for offline CAs, the publication is a
> manual process and yes, it is normally scripted with a scheduled task.
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea
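
A scheduled-task script of the kind discussed in this thread, as an added example that is not part of either poster's message: it copies each CRL from the CA's CertEnroll folder to an external CDP location, verifies the copy by hash, and only then renames it into place. The destination share name is a hypothetical placeholder, and `Get-FileHash` assumes PowerShell 4.0 or later.

```powershell
# Added example: push CRLs from the CA's publication folder to an external CDP.
# $Source is the default CertEnroll path named in the thread.
# $Destination is a hypothetical UNC share behind the DMZ web site's CDP directory.
param(
    [string]$Source      = "$env:windir\system32\CertSrv\CertEnroll",
    [string]$Destination = '\\dmz-web.example.com\cdp'   # placeholder, replace
)

$ErrorActionPreference = 'Stop'   # an unhandled error fails the scheduled task
$failed = $false

foreach ($crl in Get-ChildItem -Path $Source -Filter '*.crl') {
    $target  = Join-Path $Destination $crl.Name
    $srcHash = (Get-FileHash -Path $crl.FullName -Algorithm SHA256).Hash

    # Skip CRLs whose published copy is already identical to the CA's copy.
    if ((Test-Path $target) -and
        ((Get-FileHash -Path $target -Algorithm SHA256).Hash -eq $srcHash)) {
        continue
    }

    # Copy under a temporary name so the URL clients fetch is never
    # pointing at a half-written file.
    $temp = "$target.tmp"
    Copy-Item -Path $crl.FullName -Destination $temp -Force

    # Verify the transferred bytes before exposing them at the CDP.
    if ((Get-FileHash -Path $temp -Algorithm SHA256).Hash -ne $srcHash) {
        Remove-Item -Path $temp -Force
        Write-Warning "Hash mismatch after copy, not published: $($crl.Name)"
        $failed = $true
        continue
    }

    # Rename the verified copy over the previously published CRL.
    Move-Item -Path $temp -Destination $target -Force
    Write-Output "Published $($crl.Name)"
}

# A non-zero exit code shows up as the task's last run result, so a failed
# push is noticed before the published CRL passes its next-update time.
if ($failed) { exit 1 }
```

Run it on an interval shorter than the CRL publication interval, under an account that has write access to the destination share only.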