Revocation of a certificate invalidates a certificate as a trusted security credential prior to the scheduled expiration of its validity period. A public key infrastructure (PKI) depends on distributed verification of credentials in which there is no need for direct communication with the central trusted entity that vouches for the credentials.

To effectively support certificate revocation, the client computer must determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs in several locations for clients to access, including Active Directory Domain Services, Web servers, and network file shares. In Windows, revocation data can also be made available in a variety of settings through Online Certificate Status Protocol (OCSP) responses.

CRLs are published to specified network locations on a periodic basis where they can be downloaded by client computers. OCSP responses are digitally signed responses indicating whether an individual certificate has been revoked or suspended, or if its status is unknown. OCSP responders get their data from published CRLs, or they can be updated directly from the certificate status database of a certification authority (CA).

In addition, public key Group Policy allows administrators to enhance the use of CRLs and OCSP responders, particularly in situations where extremely large CRLs or network conditions detract from performance.
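How a client can combine a periodically published base CRL with a delta CRL to decide one certificate's status, as an added example that is not code from the original page or from Windows. The `Crl` class, the status names and all sample values are assumptions of this sketch, which models CRLs as plain data following the delta CRL rules of RFC 5280 and returns "unknown" for stale or mismatched lists as its own policy.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

HOLD, REMOVE = "certificateHold", "removeFromCRL"  # RFC 5280 reason codes 6 and 8

@dataclass
class Crl:  # hypothetical in-memory model, not a parser for real CRL files
    number: int                                  # cRLNumber extension
    next_update: datetime                        # list is stale after this time
    entries: dict = field(default_factory=dict)  # serial number -> reason
    base_number: int | None = None               # deltaCRLIndicator; None on a base CRL

def effective_entries(base: Crl, delta: Crl | None) -> dict:
    """Apply a delta CRL on top of the base CRL it may be combined with."""
    merged = dict(base.entries)
    if delta is None:
        return merged
    # RFC 5280 5.2.4: base number >= delta's BaseCRLNumber and < delta's own number
    if delta.base_number is None or not (delta.base_number <= base.number < delta.number):
        raise ValueError("delta CRL does not apply to this base CRL")
    for serial, reason in delta.entries.items():
        if reason == REMOVE:
            merged.pop(serial, None)   # hold released or certificate expired
        else:
            merged[serial] = reason    # newly revoked, or hold turned permanent
    return merged

def status(serial: int, base: Crl, delta: Crl | None, now: datetime) -> str:
    """Return good / revoked / suspended / unknown for one serial number."""
    if now > base.next_update or (delta is not None and now > delta.next_update):
        return "unknown"               # stale data proves nothing (sketch policy)
    try:
        reason = effective_entries(base, delta).get(serial)
    except ValueError:
        return "unknown"
    if reason is None:
        return "good"
    return "suspended" if reason == HOLD else "revoked"

# Constructed sample data: serials, CRL numbers and dates are illustrative only.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
AFTER_DELTA_EXPIRY = datetime(2024, 1, 12, tzinfo=timezone.utc)
BASE = Crl(40, datetime(2024, 1, 14, tzinfo=timezone.utc),
           {0x1001: "keyCompromise", 0x1002: HOLD})
DELTA = Crl(43, datetime(2024, 1, 11, tzinfo=timezone.utc),
            {0x1002: REMOVE, 0x1003: "cessationOfOperation"}, base_number=40)
```

A client that reads only the base CRL still sees serial 0x1002 as suspended and 0x1003 as good until the next base CRL is published, which is the gap delta CRLs narrow.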