
Active Directory 2008 : Configuring Active Directory Certificate Services (part 3) - Revoking Certificates

1/7/2014 8:29:01 PM

3. Revoking Certificates

Occasionally, you will need to remove a certificate from a user or computer. This is known as certificate revocation. For example, if a user is terminated from your organization, as an administrator you can revoke that user's certificate so that it can no longer be used to access data or confidential information after they leave the company.

The following are some of the certificate revocation components:


Certificate revocation list (CRL)

When certificates are revoked, they are listed in the certificate revocation list (CRL). When an administrator has configured it properly, this list is available to all the certificate servers. The CRL is used to validate certificates and prevents revoked certificates from being used.


CRL distribution point (CDP)

You need to publish your CRL to a shared location called a CRL distribution point (CDP). This gives your CRL a central location that all the certificate servers can share and use.

NOTE

Remember to change the URL distribution point for the authority information access (AIA) for any new root CA. You need to make this location accessible to all users in your organization's network. The offline root CA's default AIA points are not accessible to users on the network. If you do not change the location of the AIA, certificate chain verification fails.


Online Responder

The Online Responder is the server component of a certificate validation method called Online Certificate Status Protocol (OCSP). When certificates get revoked, your certificate server needs to make sure that these certificates don't get used again. You can perform this validation in many ways. The most common validation methods are CRLs, delta CRLs, and OCSP responses. Previous versions of Windows Server only supported CRLs. Windows Vista and the Windows Server 2008 operating system support both CRL and OCSP as methods for determining certificate status. The OCSP support applies to both the client component and the server component (called the Online Responder).
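As an added example (not part of the original text), the following PowerShell commands show how the CDP and AIA locations described above, including the AIA change called out in the note, can be inspected and set with certutil on the CA, and how to confirm afterwards that a chain verifies using those URLs. The hostname pki.example.com, the share path and the file C:\PKI\user.cer are placeholders for your own environment.

```powershell
# Added example: inspect and set the CRL distribution point (CDP) and
# authority information access (AIA) locations on a CA with certutil.
# pki.example.com, \\pki.example.com\pki and C:\PKI\user.cer are placeholders.

# Show the CDP and AIA URLs the CA currently writes into issued certificates.
certutil -getreg CA\CRLPublicationURLs
certutil -getreg CA\CACertPublicationURLs

# CDP: publish the base CRL locally (flag 1) and the delta CRL (flag 64), and
# place an HTTP URL every client can reach into the CDP extension (flag 2) and
# the freshest-CRL extension (flag 4). Tokens: %3 = CA name, %8 = CRL name
# suffix, %9 = delta CRL suffix. certutil treats the literal "\n" as a separator.
certutil -setreg CA\CRLPublicationURLs "65:C:\Windows\System32\CertSrv\CertEnroll\%3%8%9.crl\n6:http://pki.example.com/pki/%3%8%9.crl"

# AIA: publish the CA certificate locally (flag 1) and reference the HTTP copy
# in the AIA extension (flag 2). Tokens: %1 = server DNS name, %4 = renewal suffix.
certutil -setreg CA\CACertPublicationURLs "1:C:\Windows\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:http://pki.example.com/pki/%1_%3%4.crt"

# The CA reads these values at start-up, so restart it and publish a fresh CRL.
Restart-Service -Name CertSvc
certutil -CRL

# Make the published files reachable at the HTTP location (placeholder share),
# then check that chain building and revocation checking succeed for an issued
# certificate by fetching every CDP and AIA URL it carries. Any URL that cannot
# be retrieved is reported in the output, which is exactly the failure the note warns about.
Copy-Item 'C:\Windows\System32\CertSrv\CertEnroll\*' '\\pki.example.com\pki\'
certutil -verify -urlfetch C:\PKI\user.cer
```

Certificates issued before the change still carry the old URLs, so re-enroll those or keep the old location reachable until they expire.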

Exercise 4 walks you through the process of revoking a certificate using the Certificate Authority MMC snap-in (this snap-in is installed automatically when you install your certificate server). You must have completed Exercises 1 and 3 in order to complete this exercise.

Exercise 4: Revoking a Certificate

  1. Open the Certificate Authority MMC by selecting Start => Administrative Tools => Certificate Authority.

  2. In the left pane, expand the server name and click the Issued Certificates folder. In the right pane, right-click the certificate and choose All Tasks => Revoke Certificate from the menu.

  3. In the Certificate Revocation dialog box, choose the reason for the revocation and the effective date. Choose Unspecified and enter today's date. Click Yes. Close the Certificate Authority MMC.
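As an added example (not part of the original exercise), these PowerShell commands perform the same revocation from the command line with certutil and add the two steps the dialog does not do for you: publishing the CRL so relying parties actually see the revocation, and checking the result in the CA database and in the published CRL. The serial number and the CertEnroll path are placeholders.

```powershell
# Added example: command-line equivalent of Exercise 4 using certutil.
# The serial number below is a placeholder; copy the real one from the listing.

# List issued certificates (Disposition 20 = issued) with the columns needed to pick one.
certutil -view -restrict "Disposition=20" -out "RequestID,SerialNumber,CommonName,NotAfter"

# Revoke by serial number. Reason codes: 0 Unspecified, 1 KeyCompromise,
# 2 CACompromise, 3 AffiliationChanged, 4 Superseded, 5 CessationOfOperation,
# 6 CertificateHold. Exercise 4 chooses Unspecified, which is reason 0.
$serial = "1a2b3c4d5e6f00000001"   # placeholder serial number (hex)
certutil -revoke $serial 0

# Relying parties only learn about the revocation from a CRL that contains the
# entry, so publish base and delta CRLs now instead of waiting for the schedule.
certutil -CRL

# Confirm the entry in the CA database (Disposition 21 = revoked) ...
certutil -view -restrict "Disposition=21" -out "RequestID,SerialNumber,CommonName,Request.RevokedWhen,Request.RevokedReason"

# ... and in the CRL files the CA just wrote, which is what the CDP serves to clients.
# certutil -dump prints one "Serial Number:" line per CRL entry.
Get-ChildItem 'C:\Windows\System32\CertSrv\CertEnroll' -Filter *.crl |
    ForEach-Object { certutil -dump $_.FullName } |
    Select-String -Pattern $serial
```

If the serial number appears in the database listing but not in the CRL output, the CRL was not republished or the CDP copy is stale; clients will keep accepting the certificate until a fresh CRL reaches them.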

