User can logon after certificate is revoked

E.M.George

The problem I am running into is this:

We have set the user to require a smart card for logon. We
issue a smart card, and later we revoke the certificate.
The user can still logon with the revoked certificate on
the smartcard.


Development Environment:
Windows 2000 Domain, latest service packs and updates
2 x DC's
1 Enterprise CA
1 Enterprise Sub-CA
5 workstations XP\2000Pro

CRL publishing is set for 1 hour.

What happens is that the user, even after the new CRL is
published, can still logon using the smartcard with a
revoked certificate.

We have even downloaded and manually installed the CRL on
each server\workstation.

Any help is greatly appreciated.
 
Vishal Agarwal[MSFT]

How long is the CRL valid for?
If the DC's have the old CRL cached, they will use that until the old CRL
expires.

Thanks,
Vishal[MSFT]
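
Added example (not part of the original thread and not Microsoft's code): a simplified Python model of the caching behaviour described in the reply above, where a relying party fetches a new CRL only once its cached copy has expired. The 1-hour publishing interval comes from the post; the validity periods, timeline and serial number are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Crl:
    this_update: datetime
    next_update: datetime
    revoked: frozenset          # serial numbers listed as revoked

class Ca:
    """Publishes a CRL every `interval`; each CRL is valid for `validity`."""
    def __init__(self, start, interval, validity):
        self.start, self.interval, self.validity = start, interval, validity
        self.revocations = {}   # serial -> time the admin revoked it

    def latest_crl(self, now):
        issued = self.start + ((now - self.start) // self.interval) * self.interval
        listed = frozenset(s for s, t in self.revocations.items() if t <= issued)
        return Crl(issued, issued + self.validity, listed)

class RelyingParty:
    """Models the caching described above: reuse the cached CRL until it expires."""
    def __init__(self, ca):
        self.ca, self.cached = ca, None

    def accepts(self, serial, now):
        if self.cached is None or now >= self.cached.next_update:
            self.cached = self.ca.latest_crl(now)   # fetch only on expiry
        return serial not in self.cached.revoked

def first_rejection(validity, revoked_at, first_logon, step=timedelta(minutes=15)):
    """Return the first logon time at which the revoked serial is refused."""
    ca = Ca(T0, timedelta(hours=1), validity)       # 1-hour publishing, as in the post
    ca.revocations["SERIAL-1"] = revoked_at         # constructed serial
    dc = RelyingParty(ca)
    now = first_logon
    while now <= T0 + timedelta(days=30):
        if not dc.accepts("SERIAL-1", now):
            return now
        now += step
    return None

T0 = datetime(2000, 1, 1)                           # constructed timeline
REVOKED = T0 + timedelta(hours=2, minutes=15)
LOGON = T0 + timedelta(minutes=30)                  # DC caches its first CRL here

if __name__ == "__main__":
    for hours in (1, 24, 168):                      # assumed validity periods
        print(hours, "h validity ->", first_rejection(timedelta(hours=hours), REVOKED, LOGON))
```

In this model the revocation takes effect at the first publication after it only when the validity period equals the publishing interval; with a longer validity the cached CRL keeps the certificate usable until that CRL's next-update time.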
 
Revocation Verification during SC logon

Bonjour All,

We have set up a 3rd party CA at our end and successfully performed the Smart card logon from hierarchical/sub CA. But when I revoke a certificate and publish the CRL the client can still do SC logon. I tried to check the status of my certificate via 2 commands:

1) certutil -urlfetch -verify certificate_name.cer

This command shows that certificate is revoked.

2) certutil -url certificate_name.cer

From CDP verification I get "Verified"

But from AIA verification I get "Revoked"

I have tried the command on both Windows Server 2003 & 2008

Kindly help, where is the issue?

Best Regards

Scott Thomas
 
