Ping a Specific Port

Question

Dean

Asked: 2012-04-22 05:40:29 +0800 CST2012-04-22 05:40:29 +0800 CST 2012-04-22 05:40:29 +0800 CST

Windows Server 2003: Taking Root and Intermediate CA's offline causers faiure in Enterprise CA

772

I installed 3 CA's in lab environment:

SA Root CA
SA Intermediate CA
Enterprise CA (also DC)

The instructor recommends taking Root and Intermediate CA's offline once the Enterprise CA has been issued it's certificate. I took Root and Intermediate CA's offline and now the Enterprise CA's certificate cannot be verified because both Root and Intermediate CA's are in the chain of trust and are unavailible.

To overcome that I thought to publish the CRL's to a shared folder on a server that is always availible, but CRL's are valid only for a week. That means I have to bring both Root and Intermediate CA's up every week to publish CRL's?

What is the commonly proposed solution to such scenario?

1 Answers

Voted

TomTom · Answer 1 · 2012-04-22T06:38:32+08:00

Best Answer

TomTom

2012-04-22T06:38:32+08:002012-04-22T06:38:32+08:00

You are aware you can publish the CRL to Active DIrectory and then with a longer duration?

http://networkerslog.blogspot.com/2010/12/publish-offline-certificates-and-crls.html

And then I would put the validity higher - obviously. Otherwise it is too much work to republish the CRL's.

2

Windows Server 2003: Taking Root and Intermediate CA's offline causers faiure in Enterprise CA

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?