Since the first http URL is pointing to controller1, this is effectively a configuration for the Root CA (only). The option to add multiple CRLs here is for redundancy, not for serving different CAs. Should refer to CRLs issued by the same CA. But in a single configuration all CRL URLs It seems you still have only one configuration but you have added the CRLs issued by either CA to this single config. I would stay with pkiview and certutil -url for testing if OCSP works! If OCSP works on principle I would tackle the Exchange issue. URLs but the Exchange machines were not - for example because no proxy was configured in the machine context. I have very often seen issues like the one you describe as users were able to access the revocation Exchange OWA should not be used as a test as the validation of certificates is most likely done in the context of the Exchange servers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |