CRL checking problem Windows 2003

Posted by Tim Mahy on Server Fault
Published on 2010-06-04T06:27:54Z

Hi all,

We have a CRL that is valid for 24 hours and has a next update in 12 hours. The CRL is valid from 12:12 AM to 12:12 AM and from 12:12 PM to 12:12 PM.

In the logs of the CRL-hosting web server we see that one of our servers does not always fetch the CRL at night; in most cases, on the server that missed the CRL, IIS serves 403.16 at 12:13 PM.

Is our following theory good: when a Windows server misses fetching the CRL on its nextUpdate but the current CRL is still valid, the fetching is not retried? This leads to a situation that when the CRL expires there is no overlap and gives a little time of 403.16 situations in IIS, since the CRL is not trusted and so all certificates are marked as unsafe?

Greetings, Tim
