Certificate revocation check from external network - Fails
I am having an issue with a non-domain client computer connecting to Remote Desktop web apps. Upon connecting I receive the error message:
"a revocation check not performed certificate "
The issue is similar to this posting:
http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/91c05025-f18a-4839-973f-42fceaf66a77/
The non-domain computer has the root CA installed.
The CRL distribution points are as follows:
[1]crl distribution point
distribution point name:
full name:
url=ldap:///cn=chaseit-win2k8r2dc-ca,cn=win2k8r2dc,cn=cdp,cn=public%20key%20services,cn=services,cn=configuration,dc=chaseit,dc=local?certificaterevocationlist?base?objectclass=crldistributionpoint
url=http://win2k8r2dc.chaseit.local/external/chaseit-win2k8r2dc-ca.crl
As you can see, I have the traditional LDAP location first, then the HTTP location.
Upon using certutil -url certification.cer it gives: (null).
Any ideas?
thanks,
c
> Once again, the root CA is installed in the root store of the non-domain machine. There are no error messages when navigating to a website that has the cert.
When you access an SSL web site, you may have the root certificate in the current user store. When you connect via RDP-SSL, you must have the root certificate in the computer store. It looks like the problem is this:
> chaincontext.dwerrorstatus = cert_trust_is_partial_chain (0x10000)
If you have a 2 or more tier hierarchy, the chain cannot be built, because the certificate retrieval attempt failed. Make sure the client is able to download the CER files (using the URLs in the AIA extension).
http://www.sysadmins.lv
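One way to run the check suggested above from the non-domain client: list every URL in the certificate's CDP and AIA extensions and try to fetch the HTTP ones. This is an added example, not code from the thread; the default file name certification.cer is taken from the question, and the 10 second timeout is an arbitrary choice.

```powershell
# Added example, not from the thread. Run on the non-domain client.
param([string]$Path = 'certification.cer')   # file name used in the question

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $Path).Path

# Extensions that hold the URLs the chain engine must be able to fetch.
$wanted = @{
    '2.5.29.31'         = 'CDP (CRL)'                  # CRL Distribution Points
    '1.3.6.1.5.5.7.1.1' = 'AIA (issuer cert / OCSP)'   # Authority Information Access
}

$results = foreach ($ext in $cert.Extensions) {
    if (-not $wanted.ContainsKey($ext.Oid.Value)) { continue }

    # Format() renders the extension as text with one "URL=..." entry per location.
    foreach ($m in [regex]::Matches($ext.Format($true), '(?i)URL=(\S+)')) {
        $url    = $m.Groups[1].Value
        $status = 'not tested (unhandled scheme)'

        if ($url -match '^ldap:///') {
            # No host in the URL: it is resolved through the client's own AD
            # domain, which a non-domain computer does not have.
            $status = 'skipped: host-less LDAP URL needs a domain-joined client'
        }
        elseif ($url -match '^https?://') {
            try {
                # An OCSP URL in AIA may reject a plain GET; CRL and .cer URLs should not.
                $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
                $status = "OK: HTTP $($r.StatusCode), $($r.RawContentLength) bytes"
            }
            catch {
                # Name resolution and connection failures end up here.
                $status = "FAILED: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            Extension = $wanted[$ext.Oid.Value]
            Url       = $url
            Status    = $status
        }
    }
}

$results | Format-List
```

A FAILED line for an HTTP location means the client cannot download that CRL or issuer certificate from where it sits, so the URL has to be published on a host name the external network can resolve and reach.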