Revocation check failing on issuing CA (.crt) file
I have a typical intranet/DMZ/Internet network design and my PKI reflects it:
Std. Alone Root CA (offline) intranet
|
Ent. Sub. CA (AD integrated; CDP) intranet
|
(FW) - only outbound traffic to DMZ and Internet
|
DMZ w/ CDP
|
(FW) - with rule to CDP
|
Internet

My problem is the (.crt) from the Enterprise Subordinate CA is failing the revocation check when running certutil -verify <path to .crt>. This occurs no matter if the command is being run from the intranet, DMZ or Internet. However, when I run certutil -URL <path to .crl>, all certs are verified. I realize they are checking two different things. There is full access to all CDPs from intranet, DMZ and Internet.

I'm a PKI newbie... so sorry for the novice-like question.

Any ideas?

Thanks
December 18th, 2008 8:06pm
RESOLVED

I was forgetting to import the (.crt) to the Trusted Root Certificate Authorities store... (Homer Simpson!!)
December 19th, 2008 9:31pm
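
The following is an added example, not part of the original thread: a PowerShell check that builds the chain for a .crt with online revocation checking and reports whether the failure is a trust problem (top of chain missing from Trusted Root Certification Authorities) or a genuine revocation problem. The default path in `$CertPath` is a hypothetical placeholder, and the script assumes the machine store is the one being validated against.

```powershell
# Added example. $CertPath default is a hypothetical placeholder;
# point it at the issuing CA .crt being verified.
param([string]$CertPath = 'C:\temp\issuing-ca.crt')

$ns    = 'System.Security.Cryptography.X509Certificates'
$cert  = New-Object "$ns.X509Certificate2" $CertPath
$chain = New-Object "$ns.X509Chain"

# Check revocation for every certificate in the chain, fetching CRLs from the CDPs.
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'

$ok = $chain.Build($cert)
"Chain valid: $ok"

# Per-certificate status, leaf first, so the failing element is visible.
foreach ($el in $chain.ChainElements) {
    $flags = @($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $flags) { $flags = 'NoError' }
    "{0}`n    status: {1}" -f $el.Certificate.Subject, $flags
}

# Inspect the top of the chain that could be built.
$top        = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$selfSigned = $top.Subject -eq $top.Issuer
$inRoot     = Test-Path ("Cert:\LocalMachine\Root\" + $top.Thumbprint)

# Collect chain-wide status flags and classify the failure.
$all      = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
$trustBad = ($all -contains 'UntrustedRoot') -or ($all -contains 'PartialChain')
$revBad   = ($all -contains 'Revoked') -or
            ($all -contains 'RevocationStatusUnknown') -or
            ($all -contains 'OfflineRevocation')

if (-not $selfSigned) {
    "Chain stops at '$($top.Subject)': its issuer certificate was not found locally."
} elseif (-not $inRoot) {
    "Root '$($top.Subject)' is not in Cert:\LocalMachine\Root."
}
if ($trustBad) { 'Result: trust problem. Fix the root store before looking at CDPs.' }
elseif ($revBad) { 'Result: revocation problem. Check CDP URLs and CRL validity.' }
elseif ($ok)     { 'Result: chain and revocation checks passed.' }
else             { 'Result: other chain error, see the status flags above.' }
```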