When a client performs Certificate revocation checking it's my understanding the CRL is cached in the CryptoAPI cache. Is this cache a memory cache or disk cache? Meaning, does the client cache the CRL for the validity period regardless of a reboot or upon each reboot the CryptoAPI cache is purged and the client re-downloads the CRL? Thanks, PaulT15

There are several caches. In the application's memory, system's memory, disk cache. For more details please check this article: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=361c4644-9b1b-41fd-aaf9-370717edcbbcMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

This is indeed a great download! A must-read! If you want details about CRLs and caches in particular, you could also reach out to http://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/ I've written this blog post more than a year ago, but I guess it's still valuable enough for most people. Ciao!