Announcement

Collapse
No announcement yet.

Active Directory Certificate Services, CRLs Distribution points.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Certificate Services, CRLs Distribution points.

    Hello,

    I am watching this video ( https://www.youtube.com/watch?v=guvesWGrPPQ ), where the guy explains how to add two CRL Distribution points.

    Apologies if the question is too basic but...why would I need other Distribution points besides the ones that come by default ?

    Specifically, the guy in the video adds a UNC path , and a web server.

    Thanks in advance.
    -
    Madrid (Spain).

  • #2
    You would want multiple for redundancy and/or when you have different security zones and devices in each that need to do CRL lookups.

    Honestly this aspect of the PKI is broken. OCSP is a better option than CRL but right now they are trying to come up with a better method (like certificate stapling).
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Thanks a lot JeremyW!
      -
      Madrid (Spain).

      Comment

      Working...
      X