Tag Archives: ca

CA Flags

Disable CRL check on startup:

certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

Posted in Certificate Services

Publish a CRL created with OpenSSL into Active Directory

When you sign a CRL with OpenSSL, it does not have the “Published CRL Locations” attribute. This attribute tells where the revocation lists are or should be published. Without it there is no way for certutil to know where to save …

Posted in Active Directory, PKI

Write a CSR to a CA with OpenSSL

If you order, for example, a wildcard certificate, you don't want to generate the keys on a web server because you can't just export them without special tools. Instead you can use OpenSSL to make the CSR. 1. First we create a …

Posted in PKI

Add third party CA in Active Directory to enable smart card logon

If you want to be able to use a smart card issued by a third-party CA to log on to your Active Directory, there are a few steps you have to complete. You have to tell Active Directory to trust the …

Posted in Active Directory, PKI

How to issue a new revocation list without the CA online

The CA certificate must be installed in the computer's certificate store.

Re-sign the CRL (arguments: InFile, OutFile, validity period as Days:Hours):

certutil -v -f -sign "PKI LAB ISSUING CA.crl" "PKI LAB ISSUING CA2.crl" 90:00

Posted in PKI