TechTalkz.com Home

Go Back   Windows Help & Support > Windows Server
Home Register Forum Rules FAQ User Blogs Gallery

Change CRL location for internal clients

Windows Server


Reply
 
LinkBack Thread Tools Display Modes
Old 05-26-2009, 09:30 AM   #1
Ondrej Sevecek
Guest
 
Posts: n/a
Default Change CRL location for internal clients

hello,

when a client computer wants to perform CRL check against a public CA's CRL,
it must connect to the CA's HTTP CRL location over a company firewall. The
firewall actually blocks the ougoing requests to the internet where the CRL
location lies.

Is it possible to somehow make the clients (XP, Vista, 2008) download the
CRLs from some internal URL which would be different from the one found in
certificate's CDP location?

thank you very much.

ondrej.



Advertisement

  Reply With Quote
Old 05-26-2009, 11:30 AM   #2
Martin Rublik
Guest
 
Posts: n/a
Default Re: Change CRL location for internal clients

Ondrej Sevecek napisal:
> hello,
>
> when a client computer wants to perform CRL check against a public CA's
> CRL, it must connect to the CA's HTTP CRL location over a company
> firewall. The firewall actually blocks the ougoing requests to the
> internet where the CRL location lies.
>
> Is it possible to somehow make the clients (XP, Vista, 2008) download
> the CRLs from some internal URL which would be different from the one
> found in certificate's CDP location?
>
> thank you very much.
>
> ondrej.
>
>


AFAIK you can't change CRL distribution point, but a workaround is possible. You
can setup DNS record in your internal DNS server and make that record point to
your internal location.

Feel free to ask more questions if needed.

HTH

Martin

--
Replace nospam with google's mail for e-mail communication
  Reply With Quote
Old 05-26-2009, 03:30 PM   #3
Ondrej Sevecek
Guest
 
Posts: n/a
Default Re: Change CRL location for internal clients

Advertisement
thank you very much. this has already occured to me, but I just wanted a
confirmation that there is no other way how to achieve it.

o.



"Martin Rublik" <martin.rublik@nospam.com> wrote in message
news:OaDXwKf3JHA.4116@TK2MSFTNGP04.phx.gbl...
> Ondrej Sevecek napisal:
>> hello,
>>
>> when a client computer wants to perform CRL check against a public CA's
>> CRL, it must connect to the CA's HTTP CRL location over a company
>> firewall. The firewall actually blocks the ougoing requests to the
>> internet where the CRL location lies.
>>
>> Is it possible to somehow make the clients (XP, Vista, 2008) download
>> the CRLs from some internal URL which would be different from the one
>> found in certificate's CDP location?
>>
>> thank you very much.
>>
>> ondrej.
>>
>>

>
> AFAIK you can't change CRL distribution point, but a workaround is
> possible. You
> can setup DNS record in your internal DNS server and make that record
> point to
> your internal location.
>
> Feel free to ask more questions if needed.
>
> HTH
>
> Martin
>
> --
> Replace nospam with google's mail for e-mail communication



Advertisement

  Reply With Quote
Reply

Thread Tools
Display Modes



< Windows Help - MS Office Help >


New To Site? Need Help?

All times are GMT. The time now is 04:02 PM.


vBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright © 2005-2008, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional