Can I undo the change that allowed me to Ignore Offline CRL Errors on our CA?
We recently had an issuing CA that did not have it's CRL renewed from the offline Root CA. So of course the CA services could not be started.Idisabled the offlineCRL checkusing the following command "certutil setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE"So now that we have learned our lesson and are makking sure that we have a proper maintenace plan in place. One of my questions is if it is ok to leave this setting as is. And if not, how do I reverse the change?Brad
November 6th, 2009 1:37am

You're going to kick yourself <G>certutil setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINEnet stop certsvc && net start certsvcand then, throw away all knowledge of this "poor PKI person" command <G>Brian
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2009 2:04am

Consider me kicked :) Thanks Brian.
November 6th, 2009 5:23pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics