Je hebt een klacht over de onderstaande posting:
@ Bitwiper, lees eens hier: https://news.netcraft.com/archives/2013/05/13/how-certificate-revocation-doesnt-work-in-practice.html je bent helemaal afhankelijk van hoe CryptoAPI werkt in Windhoos. In some cases, CryptoAPI may retrieve CRLs before OCSP URLs. This only occurs when one of the following two circumstances exist: The number of cached OCSP responses for a specific certificate issuer exceeds the magic number defined in Group Policy. This number is 50 by default. Group Policy is configured to prefer CRLs over OCSP for revocation checking. Dit is ook belangrijk If validated by a client that supports partitioned and indirect CRLs, the IDP extension enables the client to determine the necessary scope of a CRL when a CA certificate is renewed or re-keyed. For Windows Server CAs, the IDP extension can limit revocation information in a CRL to only end-entity certificates or to CA certificates. CryptoAPI does not support attribute certificates or partitioning CRLs by reason codes.
Beschrijf je klacht (Optioneel):