11 Cards in this Set

  • Front
  • Back
What is a Certificate Revocation List (CRL)?
A Certificate Revocation List (CRL) is a digitally signed list of unexpired certificates that a particular CA has revoked.
What two types of CRLs does AD CS support?
AD CS supports two types of CRLs.

A Base CRL is a full, initial set of revoked certificates.

A Delta CRL lists only certificates that have been revoked since the last full Base CRL was implemented.
Abbreviation: CDP
CRL Distribution Point (CDP)
What is a CRL Distribution Point (CDP)?
A CRL Distribution Point (CDP) is a certificate extension that indicates where the CRL for a particular CA can be retrieved.
Abbreviation: LDAP
Lightweight Directory Access Protocol
How do CDPs help?
Using CDPs enables PKI administrators to locate and access a relevant CRL so they can manually update the entries it contains. These entries are valid only for a specified time period.
Where may a CDP be located?
Active Directory (AD): You use AD as the CDP to publish and store CRLs for enterprise CAs, which use certificate templates. PKI users can retrieve CRL data from an AD CDP using LDAP.

Accessing CRLs via a directory service uses more bandwidth than accessing CRLs directly because it requires that every client be able to authenticate to every server. Directories must be linked so that results can be located and passed back to the requesting PKI client.

A local directory: You use the local directory of a CA server as the CDP to store CRLs on standalone CAs, which don't require AD or use certificate templates. By default, standalone CAs hold all certificate requests in a pending queue until a CA approves them.

PKI users can access CRL data in a local directory via the Internet or an extranet, using HTTP or FTP.
Abbreviation: OCSP
Online Certificate Status Protocol
What is OCSP?
OCSP enables you to manage and distribute the revocation status of a certificate via the Online Responder service.
How does OCSP work?
You use OCSP to submit a certificate status request to an Online Responder. The Online Responder service uses OCSP to issue a digitally signed certificate status response, based on the CRLs that are provided to it by CAs.
How do you configure an Online Responder?
You can use the following sets of properties to configure an Online Responder:

Web Proxy
Audit
Security