Certificate revoked but user still can login

  • Certificate revoked but user still can login

    Hi everyone, here is my problem:
    1) My users log on to their workstations via smart card with a Windows certificate (Win 2003 SP2 as CA server)
    2) I revoked the cert of one of my users
    3) The user can still log on to his workstation

    Did I forget something ?

    Thank you for helping,

  • #2
    Re: Certificate revoked but user still can login

    You need to double-check your CRL. That lets a client know if a certificate has been revoked.

    Haven't dealt much with this type of logon, but hopefully this allows you to carry out further research in the right area.



    • #3
      Re: Certificate revoked but user still can login

      Hi,

      Have you configured the CRL "Publish period"? The default is about a week in 2003.
      You may need to manually publish the CRL.

      Ta
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR



      • #4
        Re: Certificate revoked but user still can login

        Hmmm, configure a delta CRL
        http://technet.microsoft.com/en-us/l.../cc782162.aspx
        http://technet.microsoft.com/en-us/l.../cc738468.aspx
        http://technet.microsoft.com/en-us/l...73(WS.10).aspx
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Certificate revoked but user still can login

          Is your AD configured to require smart card? Is the user able to log on using their smart card or are they using the login dialog box?
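
The CRL checks suggested in replies #3 and #4, written out as an added example that is not part of any poster's reply. It assumes a command prompt on the CA server with CA administrator rights; `YourCA.crl`, `user.cer` and the 4-hour delta interval are placeholders chosen for illustration.

```batch
@echo off
rem Added example, not from the thread. Run on the CA server.
rem YourCA.crl and user.cer are placeholder names.

rem 1. Show the current base and delta CRL publication intervals.
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLPeriod
certutil -getreg CA\CRLDeltaPeriodUnits
certutil -getreg CA\CRLDeltaPeriod

rem 2. Publish a new CRL now instead of waiting for the next scheduled
rem    publication. A certificate revoked after the last publication is
rem    not in any CRL that clients can download until this happens.
certutil -CRL

rem 3. Dump the published CRL. Check the This Update / Next Update times
rem    and that the revoked certificate's serial number is listed.
rem    CertEnroll is the default publication folder on the CA.
certutil -dump "%windir%\system32\CertSrv\CertEnroll\YourCA.crl"

rem 4. Validate an exported copy of the user's certificate, downloading
rem    the CRLs from the CDP URLs in the certificate. The output should
rem    now report the certificate as revoked.
certutil -verify -urlfetch user.cer

rem 5. Optional: shorten the delta CRL interval (illustrative value),
rem    then restart Certificate Services so the change takes effect.
rem certutil -setreg CA\CRLDeltaPeriodUnits 4
rem certutil -setreg CA\CRLDeltaPeriod "Hours"
rem net stop certsvc
rem net start certsvc
```

A system that already holds a CRL normally keeps using it until that CRL's Next Update time, so a revocation can stay invisible to it for a while even after a new CRL has been published.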
