Hi everybody,
I'm running a windows 2003 server with IIS6.
My serverâs certificate has some CRL distribution point defined.
By default the CRL is valid for 1week.
I would like to know how to get the a new CRL every 1 hour ?
I tried with some variable in the metabase but it's a bit confused for me...
Thanks
Hi,
If you publish CRL only once a week then there is no need to check every
hour. Server knows when CRL expires and will check for new CRL when time
comes.
If you need to check CRL more frequently then you will need to reconfigure
your CA to publish CRL more frequently. You have to know that Windows cache
CRL and there is no supported way to clear this cache, and make Windows
(e.g. IE or IIS) fetch a new CRL (it still has a valid CRL in its cache).
--
Mike
Microsoft MVP - Windows Security
"Yogz"
news:1861A19B-20B9-40AA-A461-ED9A65677A02@microsoft.com...
> Hi everybody,
>
> I'm running a windows 2003 server with IIS6.
> My server's certificate has some CRL distribution point defined.
>
> By default the CRL is valid for 1week.
> I would like to know how to get the a new CRL every 1 hour ?
> I tried with some variable in the metabase but it's a bit confused for
> me...
>
> Thanks
Hi Mike,
My CA publish a new CRL on demand but each published CRL is valide for 1 week.
I don't want to change the "next update date" of my CRL because not all my
servers need to check the CRL every 1 hours.
Sorry if I was unclear.
What about those variable?
- CertCheckMode
- RevocationFreshnessTime
- RevocationURLRetrievalTimeout