Windows Certificate Services – Setup a CRL
May 17

KB ID 0000957. Problem: One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...

Microsoft PKI Planning and Deploying Certificate Services Part 2
May 14

KB ID 0001310. Problem: In Part One we deployed our offline Root CA Server; now we are going to deploy a ‘Certificate Revocation Location’ server. Solution: Before you start, create a DNS record for ‘pki’ that points to the IP address that you will have the CRL web server hosted on. I’m installing my CRL server on a separate web server because that’s good practice. Starting with a domain-joined member...

Microsoft Certificate Services Configuring OCSP
Nov 17

KB ID 0001084. Problem: I seem to have done a lot of PKI in the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench, so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRLs. Network devices tend to cache them,...
