Configuring Offline Root CA on Windows 2008 R2 server

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Configuring Offline Root CA on Windows 2008 R2 server

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    kojo1984
    Member
    Jun 17, 2011 at 6:22 am #155103

    Hi,

    I have a question regarding publishing CRL of Offline Root CA.

    Friend of mine said to me that Automatic publishing of CRLs (for exmple every 180 days) should be disabled (how to do that?).

    He showed me a few Verisign certificates that do not have CDP defined.
    I think that CRL from Offline Root CA SHOULD (MUST) be published to confirm validity of all certificates that were issued (signed) by Offline Root CA.

    My Offline Root Ca is configured CRL publication interval of 180 days. Offline Root CA is not connected to the network and turned of all the time.

    When I’m publishing CRL from Offline Root CA, I’m manually copying it to CDP, which is online location on network (IIS). In a event of revocation of some subordinate CAs, I would manually force publish of CRL.

    Should I or should I not configure autopublish interval of CRL on Oflline Root CA? Is there a way to disable it?

  • Author
    Posts
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Reach Out
Learn More
Sitemap

© 2021 BWW Media Group Terms and Conditions of Use | Privacy Policy

We use cookies to improve your browsing experience.

Find out more about our cookie policy here.