User can logon after certificate is revoked

  • Thread starter: E.M.George

E.M.George

The problem I am running into is this:

We have set the user to require a smart card for logon. We
issue a smart card, and later we revoke the certificate.
The user can still log on with the revoked certificate on
the smart card.


Development Environment:
Windows 2000 Domain, latest service packs and updates
2 x DC's
1 Enterprise CA
1 Enterprise Sub-CA
5 workstations XP\2000Pro

CRL publishing is set for 1 hour.

What happens is that the user, even after the new CRL is
published, can still log on using the smart card with a
revoked certificate.

We have even downloaded and manually installed the CRL on
each server\workstation.

Any help is greatly appreciated.
 
How long is the CRL valid for?
If the DCs have the old CRL cached, they will use that until the old CRL
expires.

Thanks,
Vishal[MSFT]
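
A simplified model of the caching behaviour described in the reply above, added here as an illustration (not code from the thread or from Microsoft): a verifier keeps using its cached CRL until that CRL's Next Update time, so hourly publishing shortens the revocation delay only if the CRL validity period is equally short. The class and function names, the 10-minute logon attempts, the 7-day validity and the serial number are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Crl:
    this_update: datetime      # when the CA issued this CRL
    next_update: datetime      # end of validity; a cache trusts the CRL until then
    revoked: frozenset         # serial numbers listed as revoked

class CachingVerifier:
    """Relying party (e.g. a DC) that reuses a cached CRL until Next Update."""
    def __init__(self, fetch):
        self.fetch = fetch     # callable(now) -> newest CRL published by the CA
        self.cached = None

    def is_accepted(self, serial, now):
        # Go back to the CDP only when no CRL is cached or the cached one expired.
        if self.cached is None or now >= self.cached.next_update:
            self.cached = self.fetch(now)
        return serial not in self.cached.revoked

def simulate(validity, publish_every=timedelta(hours=1)):
    """Return the hours between revocation and the first rejected logon."""
    t0 = datetime(2024, 1, 1)                   # constructed timeline
    revoked_at = t0 + timedelta(minutes=30)
    serial = "61A2"                             # constructed serial number

    def ca_publish(now):
        # The CA issues a fresh CRL at every publish-interval boundary.
        issued = t0 + publish_every * ((now - t0) // publish_every)
        listed = frozenset([serial]) if issued >= revoked_at else frozenset()
        return Crl(issued, issued + validity, listed)

    dc = CachingVerifier(ca_publish)
    now = t0
    while dc.is_accepted(serial, now):          # logon attempt every 10 minutes
        now += timedelta(minutes=10)
    return (now - revoked_at) / timedelta(hours=1)

if __name__ == "__main__":
    print("CRL valid 1 hour :", simulate(timedelta(hours=1)), "h until rejected")
    print("CRL valid 7 days :", simulate(timedelta(days=7)), "h until rejected")
```
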
 
Revocation Verification during SC logon

Bonjour All,

We have set up a 3rd party CA at our end and successfully performed the smart card logon from a hierarchical/sub CA. But when I revoke a certificate and publish the CRL, the client can still do SC logon. I tried to check the status of my certificate via 2 commands:

1) certutil -urlfetch -verify certificate_name.cer

This command shows that certificate is revoked.

2) certutil -url certificate_name.cer

From CDP verification I get "Verified"

But from AIA verification I get "Revoked"

I have tried the command on both Windows Server 2003 & 2008

Kindly help: where is the issue?

Best Regards

Scott Thomas
 