Tag Archives: crl

Verify CRL and OCSP of a certificate

One way to verify the revocation status of a certificate is to use the certutil command. Export a certificate from store in DER format. Save it to i.e C:\Temp\Cert.der Open a command promt and type. certutil -url C:\Temp\Cert.der The URL … Continue reading

Posted in Certificate Services | Tagged , , , | Comments Off on Verify CRL and OCSP of a certificate

Förlänga CRL med CA-servern offline

För att förlänga revokeringslistan när CA-servern är offline måste du ha åtkomst till CA-certifikatet. CA-certifikatet måste installeras i ditt Personal Certifikat Store på maskinen du ska arbeta på. Re-sign CRL InFile OutFile Giltigthetsperiod Days:Hours certutil -v -f -sign “PKI LAB … Continue reading Continue reading

Posted in PKI | Tagged , , | Comments Off on Förlänga CRL med CA-servern offline

Publish a CRL created with Openssl into Active Directory

When you sign a CRL with Openssl you don’t have the attribute “Published CRL Locations”. It tells where the revocation lists are or should be published. Without this attribute there is no way for certutil to know where to save … Continue reading

Posted in Active Directory, PKI | Tagged , , , , , | Comments Off on Publish a CRL created with Openssl into Active Directory

How to issue a new revocation list without the CA online

The CA certificate must be installed in the computers certificate store. Re-sign CRL InFile OutFile Validity period Days:Hours certutil -v -f -sign “PKI LAB ISSUING CA.crl” “PKI LAB ISSUING CA2.crl” 90:00

Posted in PKI | Tagged , , | Comments Off on How to issue a new revocation list without the CA online