Article ID: 318707 - View products that this article applies to.
This article was previously published under Q318707
This article describes how to configure Internet Information Services (IIS) version 5.0, Certificate Services version 2.0, and Microsoft Internet Security and Acceleration (ISA) Server to allow for client computers to examine the Certificate Revocation List (CRL). Additionally, this article describes how to allow for the root certificate to determine whether the certificate that you issued has been revoked.
Configure Certificate Services to publish the CRLFor more information about how to configure Certificate Services CRL distribution points, click the following article number to view the article in the Microsoft Knowledge Base:
232161Note When you configure the distribution point, add an address that can be reached externally.
(http://support.microsoft.com/kb/232161/ )Changing the locations of your Certificate Revocation List (CRL) in Certificate Services 2.0
Allow for client computers to access the CRLTo allow for client computers to access the CRL, follow these steps:
Allow for client computers to verify the certificate chainTo allow for client computers to verify the certificate chain, you must publish the root certificate in a location where client computers can access the certificate. Then, publish the distribution point through ISA Server that Microsoft Knowledge Base Article KB313072 describes. This distribution point is known as the authority information access (AIA) point.
The easiest way to allow for the client computer to verify the certificate chain is to publish the root certificates in the same location as the CRL. To do this, follow these steps.
Note If you have already issued a server certificate in which you need the client computers to be able to see both the CRL and the AIA, you must issue a new certificate.
Article ID: 318707 - Last Review: July 31, 2006 - Revision: 4.0