CRL Cache
When a client performs Certificate revocation checking it's my understanding the CRL is cached in the CryptoAPI cache. Is this cache a memory cache or disk cache? Meaning, does the client cache the CRL for the validity period regardless of a reboot
or upon each reboot the CryptoAPI cache is purged and the client re-downloads the CRL?
Thanks,
PaulT15
May 6th, 2011 10:15am
There are several caches. In the application's memory, system's memory, disk cache. For more details please check this article:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=361c4644-9b1b-41fd-aaf9-370717edcbbcMy weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2011 11:21am
This is indeed a great download! A must-read!
If you want details about CRLs and caches in particular, you could also reach out to
http://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/
I've written this blog post more than a year ago, but I guess it's still valuable enough for most people.
Ciao!
September 5th, 2012 3:27pm