Windows CA CRL publishing




















However, we realize that PKI is often new to Configuration Manager admins, and aim to share our knowledge and experience to help you be more successful with the product. We would also like to pay tribute to the help and information provided by Amer Kamal and Mark Cooper, senior Premier Field Engineers who have designed and implemented CDPs for our customers. You would need to discuss the pros and cons of this design with your security guys.

On the plus side, the connection is initiated only from the trusted network, and the automation reduces the chance of the CRL being inaccessible, which in turn results in a rejected PKI connection.

Manually publishing the CRL is the only option when no connectivity is allowed between the intranet and the DMZ, and it obviously carries a higher administrative overhead with a higher possibility of error. In overview, the steps you will need to perform to publish the CRL onto a separate Web server include the following:


Happy New Year All. I have a PKI environment that consists of. Working on setting up a script to auto copy those from the certenroll location to the HTTP file location. Thanks for all the help and advice.

Massimo

This answer, although accepted, is actually a deprecated answer because it promotes the use of CRLs for validation. Rather than down voting my answer, how about providing a solution using OCSP instead? That way, you can enlighten the rest of us! Unfortunately, Stackoverflow Meta says to do otherwise : — Brennan.

Brennan - Quote from Meta "One thing you have to consider here, and this has been brought up times before, is that deprecated or not, people might well be lumbered with such 'legacy version' technologies, and require the solution fitting for such - and, therefore, they have a deserved place.

Brennan Considering Microsoft's own articles currently describe the use of CRLs and nothing else, I'm not sure it is valid to just dismiss this answer as invalid without providing other solutions.


