User can logon after certificate is revoked

 
 
E.M.George
 
      22nd Oct 2003
The problem I am running into is this:

We have set the user to require a smart card for logon. We
issue a smart card, and later we revoke the certificate.
The user can still logon with the revoked certificate on
the smartcard.


Development Environment:
Windows 2000 Domain, latest service packs and updates
2 x DC's
1 Enterprise CA
1 Enterprise Sub-CA
5 workstations XP\2000Pro

CRL publishing is set for 1 hour.

What happens is that the user, even after the new CRL is
published, can still logon using the smartcard with a
revoked certificate.

We have even downloaded and manually installed the CRL on
each server\workstation.

Any help is greatly appreciated.








 
Vishal Agarwal[MSFT]
 
      23rd Oct 2003
How long is the CRL valid for?
If the DC's have the old CRL cached, they will use that until the old CRL
expires.

Thanks,
Vishal[MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no rights
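
The caching behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of a verifier that keeps using its cached CRL until that CRL's NextUpdate passes, and the resulting time a revoked certificate is still accepted. The `CA` and `RelyingParty` classes, the serial `1A`, and the 7-day validity in the usage lines are constructed assumptions; the thread states only the 1-hour publishing interval.

```python
from datetime import datetime, timedelta

class CA:
    """Constructed model of a CA that republishes its CRL on a fixed interval."""
    def __init__(self, publish_every, validity):
        self.publish_every, self.validity = publish_every, validity
        self.revoked = {}  # serial -> time of revocation

    def crl_at(self, now, epoch):
        """Return the CRL most recently published at or before `now`."""
        n = (now - epoch) // self.publish_every
        this_update = epoch + n * self.publish_every
        return {"this_update": this_update,
                "next_update": this_update + self.validity,
                "revoked": {s for s, t in self.revoked.items() if t <= this_update}}

class RelyingParty:
    """Models a DC that reuses its cached CRL until NextUpdate has passed."""
    def __init__(self, ca, epoch):
        self.ca, self.epoch, self.cached = ca, epoch, None

    def is_accepted(self, serial, now):
        if self.cached is None or now >= self.cached["next_update"]:
            self.cached = self.ca.crl_at(now, self.epoch)  # fetch only on expiry
        return serial not in self.cached["revoked"]

def exposure_window(publish_every, validity, revoke_after,
                    step=timedelta(minutes=10)):
    """Time after revocation during which the cached-CRL verifier still accepts."""
    epoch = datetime(2003, 10, 22)           # constructed start time
    ca = CA(publish_every, validity)
    dc = RelyingParty(ca, epoch)
    dc.is_accepted("1A", epoch)              # DC caches a CRL before revocation
    revoked_at = epoch + revoke_after
    ca.revoked["1A"] = revoked_at
    now = revoked_at
    while dc.is_accepted("1A", now):         # new CRLs are published but not fetched
        now += step
    return now - revoked_at

if __name__ == "__main__":
    hour = timedelta(hours=1)
    # Published hourly, but each CRL valid for 7 days (assumed value)
    print(exposure_window(hour, timedelta(days=7), timedelta(minutes=30)))
    # Published hourly and valid for only 1 hour
    print(exposure_window(hour, hour, timedelta(minutes=30)))
```

In this model the publishing interval alone does not bound the exposure; the validity period of the CRL already held in the cache does.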
      4th Jan 2011
Bonjour All,

We have set up a 3rd party CA at our end and successfully performed the smart card logon from hierarchical/sub CA. But when I revoke a certificate and publish the CRL, the client can still do SC logon. I tried to check the status of my certificate via 2 commands:

1) certutil -urlfetch -verify certificate_name.cer

This command shows that certificate is revoked.

2) certutil -url certificate_name.cer

From CDP verification I get "Verified"

But from AIA verification I get "Revoked"

I have tried the command on both Windows Server 2003 & 2008

Kindly help: where is the issue?

Best Regards

Scott Thomas
 