Figure 12-20. Adjusting Security Settings
427 Chapter 12: Enterprise Public Key Infrastructure
For example, if you issue a user certificate to an individual who then leaves the company,
you will probably want to prevent that certificate from being used to access any of
your systems.
Certificate revocation is a straightforward process. You simply right-click the certificate
you want to revoke in the Issued Certificates folder in the CA management console
and select Revoke Certificate from the All Tasks pop-up menu.
Figure 12-21. AD Certificate Services Web request Welcome screen
428 Microsoft Windows Server 2008 Administration
Figure 12-22. Requesting a certificate
Figure 12-23. Completing certificate enrollment
All revoked certificates are automatically added to the CA's CRL, the list of serial
numbers of revoked certificates signed by the CA to ensure its integrity. Although this
list is continually updated internally within the CA, it is not published immediately to Active
Directory. Instead, the CRL gets published according to its own schedule. CRLs can
get fairly large. To manage replication, you can configure the CRL to publish delta CRLs,
which contain only changes since the last replication. By default, CRLs are published once
a week, while delta CRLs are published once a day. You can view or change how often the
CRLs are published by right-clicking the Revoked Certificates folder in the CA management
console for your server and selecting Properties.
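Because a revocation is not visible to clients until the next CRL or delta CRL is published, an urgent revocation is usually followed by a manual publish. The following is an added example, not taken from the book, that does the same steps from the command line with `certutil`; the serial number is a placeholder and the script assumes an elevated PowerShell session on the CA server.

```powershell
# Added example: revoke a certificate and publish the CRL immediately,
# instead of waiting for the scheduled publication described above.
# Assumption: run in an elevated PowerShell session on the CA server.
param(
    # Placeholder: the serial number shown in the Issued Certificates folder.
    [string]$Serial = '<SERIAL-NUMBER-PLACEHOLDER>',
    # CRL reason code 3 = Affiliation Changed (for example, the user left
    # the company). 1 = Key Compromise, 5 = Cessation of Operation.
    [int]$Reason = 3
)

# 1. Show the current publication schedule. With the defaults in the text
#    (base CRL weekly, delta CRL daily) this is the window during which a
#    revoked certificate can still pass a revocation check.
foreach ($value in 'CRLPeriodUnits', 'CRLPeriod',
                   'CRLDeltaPeriodUnits', 'CRLDeltaPeriod') {
    certutil -getreg "CA\$value"
}

# 2. Revoke the certificate (same effect as All Tasks > Revoke Certificate).
certutil -revoke $Serial $Reason
if ($LASTEXITCODE -ne 0) {
    throw "Revocation failed (certutil exit code $LASTEXITCODE)."
}

# 3. Publish a new CRL now so the revocation does not wait for the schedule.
#    Use 'certutil -CRL delta' to publish only a delta CRL.
certutil -CRL
if ($LASTEXITCODE -ne 0) {
    throw "CRL publication failed (certutil exit code $LASTEXITCODE)."
}

Write-Output "Certificate $Serial revoked (reason $Reason) and CRL published."
```

Clients that already hold a cached CRL keep using it until its Next Update time, so publishing early shortens the exposure window but does not close it instantly.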