Will IIS vaildates the certificate using OCSP.
I had revoked the certificate and when tried to login into application with the
revoked certificate i am able to login successfully into the application.
Now after(5-6 hours)i had observed the revoked certificate at CA and it says
that it is revoked by CA. Now when i tried to login into the application with
the revoked certificate then "403 - Forbidden: Access is denied" message is
shown.
According to us when a certificate is made revoked then certificate must be
made invalid by checking the certificate weather it is revoked or unrevoked.
But this is not happening because IIS is checking the certificate status using OCSP
and our main engine is not performing the OCSP Validation.
Can any one explain how IIS acts when a certificate is revoked.
June 14th, 2010 9:03am
Can i know weather IIS check the client certificate status using Online Provider.
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2010 9:08am
Hi,
As this issue is related to IIS, I suggest discussing it in our IIS forum. They are the best resource to troubleshoot this issue.
http://forums.iis.net/
Tim Quan - MSFT
June 14th, 2010 9:46am