CRL Problem

    Question

  • Hi!

    Is it possible to let all the domain users update the certificate revocation list from a central point like a DC through Group Policy? If not, then what kind of internet access is needed to let all the domain PCs update the CRL from the internet?

    Thanks.

    Monday, November 09, 2015 6:42 AM

All replies

  • Hi,

    The updating of the CRL is performed by the CA server instead of GP on the DC.

    To ensure that a highly accurate certificate revocation list (CRL) is always available to clients, you should establish a regular publication schedule for certificate revocation data.

    To schedule the publication of the CRL

    1. Open the Certification Authority snap-in.
    2. In the console tree, click Revoked Certificates.
    3. On the Action menu, click Properties.
    4. In CRL publication interval, type the increment and click the unit of time to use for the automatic publishing of the CRL.

    You must be a certification authority (CA) administrator to complete this procedure.

    For more information, the article below may be helpful to you.

    Schedule Publication of Certificate Revocation Lists

    https://technet.microsoft.com/en-us/library/cc732174.aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 10, 2015 9:37 AM
    Moderator
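
A command-line equivalent of the scheduling procedure in the reply above, added here as an example and not part of the original thread. The interval values and the certificate path are assumptions chosen for illustration; the last command is run on a domain client to check that the CRL locations named in a certificate can be fetched from that machine.

```powershell
# Added example: run in an elevated PowerShell session on the CA server,
# as a CA administrator. Interval values are assumptions, not recommendations.
param(
    [ValidateRange(1, 999)]
    [int]$CrlPeriodUnits = 1,
    [ValidateSet('Hours', 'Days', 'Weeks', 'Months', 'Years')]
    [string]$CrlPeriod = 'Weeks',
    [ValidateRange(0, 999)]
    [int]$DeltaPeriodUnits = 1,      # 0 disables delta CRL publication
    [ValidateSet('Hours', 'Days', 'Weeks', 'Months', 'Years')]
    [string]$DeltaPeriod = 'Days'
)

function Invoke-CertUtil {
    # Run certutil and stop on the first failure so a partial
    # configuration is never followed by a service restart.
    param([string[]]$Arguments)
    & certutil.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "certutil $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Record the current publication schedule before changing it.
foreach ($name in 'CRLPeriodUnits', 'CRLPeriod', 'CRLDeltaPeriodUnits', 'CRLDeltaPeriod') {
    Invoke-CertUtil -Arguments @('-getreg', "CA\$name")
}

# Same settings as "CRL publication interval" in the Revoked Certificates properties.
Invoke-CertUtil -Arguments @('-setreg', 'CA\CRLPeriodUnits', "$CrlPeriodUnits")
Invoke-CertUtil -Arguments @('-setreg', 'CA\CRLPeriod', $CrlPeriod)
Invoke-CertUtil -Arguments @('-setreg', 'CA\CRLDeltaPeriodUnits', "$DeltaPeriodUnits")
Invoke-CertUtil -Arguments @('-setreg', 'CA\CRLDeltaPeriod', $DeltaPeriod)

# The CA reads these values at service start.
Restart-Service -Name CertSvc

# Publish a fresh CRL now instead of waiting for the next scheduled interval.
Invoke-CertUtil -Arguments @('-CRL')

# On a domain client (not the CA): fetch every CRL distribution point listed
# in a certificate issued by this CA. The path below is a placeholder.
# certutil -verify -urlfetch C:\temp\issued-cert.cer
```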