
Active Directory 2008 : Configuring Active Directory Certificate Services (part 3) - Revoking Certificates

1/7/2014 8:29:01 PM

3. Revoking Certificates

Occasionally, you will need to invalidate a certificate that was issued to a user or computer. This is known as certificate revocation. For example, if a user is terminated from your organization, you, as an administrator, can revoke that user's certificate so that it can no longer be used to access data or confidential information after the user leaves the company.

The following are some of the certificate revocation components:


Certificate revocation list (CRL)

When certificates get revoked, they are listed in the certificate revocation list (CRL). When configured properly by an administrator, this list is used by all the certificate servers. The CRL helps validate certificates and helps prevent revoked certificates from being used.


CRL distribution point (CDP)

You need to publish your CRL to a shared location called a CRL distribution point (CDP). This gives your CRL a central location that all the certificate servers can share and use.

NOTE

Remember to change the authority information access (AIA) URL distribution point for any new root CA. You need to make this location accessible to all users in your organization's network. The default AIA points of an offline root CA are not accessible to users on the network. If you do not change the location of the AIA, certificate chain verification fails.


Online Responder

The Online Responder is the server component of a certificate validation method called Online Certificate Status Protocol (OCSP). When certificates get revoked, your certificate server needs to make sure that these certificates don't get used again. You can perform this validation in many ways. The most common validation methods are CRLs, delta CRLs, and OCSP responses. Previous versions of Windows Server only supported CRLs. Windows Vista and the Windows Server 2008 operating system support both CRL and OCSP as methods for determining certificate status. The OCSP support applies to both the client component and the server component (called the Online Responder).

Exercise 4 walks you through the process of revoking a certificate using the Certificate Authority MMC snap-in (this MMC is installed automatically after the installation of your certificate server). You must have completed Exercises 1 and 3 in order to complete this exercise.

Exercise 4: Revoking a Certificate

  1. Open the Certificate Authority MMC by selecting Start => Administrative Tools => Certificate Authority.

  2. In the left pane, expand the server name. Click the Issued Certificates folder. In the right pane, right-click the certificate, and in the menu, choose All Tasks => Revoke Certificate.



  3. In the Certificate Revocation dialog box, you can choose the reason for the revocation and the effective date. Choose Unspecified and enter today's date. Click Yes. Close the Certificate Authority.
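
The same revocation can be scripted with certutil, which also publishes a fresh CRL and confirms the result in the CA database; this is an added example, not part of the original exercise. It assumes an elevated PowerShell session on the CA server, and the function name `Revoke-IssuedCertificate` and the serial-number placeholder are hypothetical.

```powershell
# Added example: command-line equivalent of Exercise 4 (not from the original page).
# Run in an elevated PowerShell session on the CA server.
function Revoke-IssuedCertificate {
    param(
        [Parameter(Mandatory)] [string] $SerialNumber,
        # Revocation reasons and their CRL reason codes as accepted by certutil -revoke
        [ValidateSet('Unspecified', 'KeyCompromise', 'CACompromise', 'AffiliationChanged',
                     'Superseded', 'CessationOfOperation', 'CertificateHold')]
        [string] $Reason = 'Unspecified',
        # Optional: exported copy (.cer) of the certificate, used for a client-side check
        [string] $CertificateFile
    )
    $reasonCodes = @{
        Unspecified = 0; KeyCompromise = 1; CACompromise = 2; AffiliationChanged = 3
        Superseded = 4; CessationOfOperation = 5; CertificateHold = 6
    }
    $code = $reasonCodes[$Reason]

    # Serial numbers copied from the certificate dialog contain spaces; strip them
    # and reject anything that is not plain hexadecimal before calling certutil.
    $serial = ($SerialNumber -replace '[\s:]', '').ToLowerInvariant()
    if ($serial -notmatch '^[0-9a-f]+$') {
        throw "Serial number must be hexadecimal: '$SerialNumber'"
    }

    # Steps 2 and 3 of the exercise: revoke the certificate with the chosen reason.
    & certutil.exe -revoke $serial $code
    if ($LASTEXITCODE -ne 0) { throw "certutil -revoke failed (exit code $LASTEXITCODE)" }

    # Publish a new CRL so the revocation reaches the CDP now, not at the next
    # scheduled publication.
    & certutil.exe -CRL
    if ($LASTEXITCODE -ne 0) { throw "certutil -CRL failed (exit code $LASTEXITCODE)" }

    # Confirm the database row: a revoked certificate shows Disposition 21.
    & certutil.exe -view -restrict "SerialNumber=$serial" `
        -out "SerialNumber,CommonName,Disposition,Request.RevokedWhen,Request.RevokedReason"

    # Optional client-side check: fetches the CDP and AIA URLs named in the certificate,
    # which also exposes an unreachable distribution point.
    if ($CertificateFile) { & certutil.exe -verify -urlfetch $CertificateFile }
}

# Usage (replace the placeholder with the serial shown under Issued Certificates):
# Revoke-IssuedCertificate -SerialNumber '<serial-number>' -Reason Unspecified
```

Clients that have already cached the previous CRL keep using it until it expires, so a revocation may not be enforced everywhere immediately after publication.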


 