kembangan Posted March 25, 2010

We are testing smartcard logon with a third-party PKI. Our server is Windows 2003 and the client computer is Windows XP SP3. We can successfully use the smartcard to log on. Now we revoked a certificate and created a CRL which contains the revoked certificate information. The CDP in the certificate has two fields, ldap and http, and we have published the CRL in both locations.

We tried the certutil -verify -urlfetch command on the client computer and the server, and it showed that the CRL could be retrieved and the certificate was revoked. But we can still use the smartcard with the certificate to log on. We tried putting the CRL into "Trusted Root Certification Authorities" and "Intermediate Certification Authorities", and the smartcard could still log on.

We also tried putting the certificate into the "Untrusted certificates" store, and in this case I could not use the smartcard to log on. The client computer said the certificate was revoked.

How do we configure the use of the CRL to restrict smartcard logon?

Thanks a lot!

Copyrighter Posted November 10, 2011

Hi, were you able to resolve this problem? I'm experiencing the same thing.