However, for applications that require revocation checking, the client must also validate that every certificate in the chain (with the exception of the Root) is not revoked. If the Root CA is trusted this means the certificate is acceptable for use. When a client is validating a certificate, it will build the chain to a Root CA. Client use this location to download CRLs that the CA Publishes. The CRL Distribution Points extension is "stamped" in certificates. CDP extensions host the CRLs that the CA publishes. The client needs to build the entire chain to verify that the chain terminates in a self-signed certificate that is trusted (Trusted Root). A client that is validating a certificate may not have every CA certificate in the chain.
This location is "stamped" in the Authority Information Access extension of issued certificates. The Authority Information Access or AIA repository host CA Certificates. AIA and CDP extensions are very important for certificate validation. I could try to explain what the AIA and CDP are and the way to configure it, but here is a short article on it and how revocation works. ( ) Before I discuss about the issue, I would like to briefly share a bit of background on CDP & AIA extensions and their use. I am back again with another blog and today I'll share with you something interesting that I came across recently which caused the Certificate Authority to go down, and how I was able to isolate the issue by using Process Monitor (Procmon). Hello Everyone, my name is Zoheb Shaikh and I'm a Premier Field Engineer with Microsoft India. First published on TechNet on Apr 02, 2018
0 kommentar(er)
