Change CRL location for internal clients

Discussion in 'Server Security' started by Ondrej Sevecek, May 26, 2009.

  1. hello,

    when a client computer wants to perform a CRL check against a public CA's CRL,
    it must connect to the CA's HTTP CRL location over a company firewall. The
    firewall actually blocks the outgoing requests to the internet where the CRL
    location lies.

    Is it possible to somehow make the clients (XP, Vista, 2008) download the
    CRLs from some internal URL which would be different from the one found in
    certificate's CDP location?

    thank you very much.

    ondrej.
     
    Ondrej Sevecek, May 26, 2009
    #1

  2. Ondrej Sevecek wrote:
    AFAIK you can't change the CRL distribution point, but a workaround is possible. You
    can set up a DNS record in your internal DNS server and make that record point to
    your internal location.

    Feel free to ask more questions if needed.

    HTH

    Martin
     
    Martin Rublik, May 26, 2009
    #2
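
An added example, not part of the thread: a PowerShell check an administrator could run on an internal client to confirm the DNS workaround described above. It lists the HTTP CDP URLs in a certificate, shows where each CDP host resolves, and fetches the CRL from the same path. The certificate path and the assumption that the internal mirror sits in RFC 1918 address space are placeholders.

```powershell
# Added example, not from the thread. $CertPath is a hypothetical placeholder.
param([string]$CertPath = 'C:\temp\public-ca-issued.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# The CRL Distribution Points extension is OID 2.5.29.31.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { throw "No CDP extension in $CertPath" }

# Format($true) renders the extension as text with one "URL=..." entry per location.
$urls = [regex]::Matches($cdp.Format($true), 'URL=(https?://[^\s\)]+)') |
    ForEach-Object { $_.Groups[1].Value }

foreach ($url in $urls) {
    $uri = [Uri]$url
    try {
        # With the internal DNS record in place, this returns the mirror's address.
        $ips = [System.Net.Dns]::GetHostAddresses($uri.Host) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "$($uri.Host) does not resolve: the internal DNS record is missing"
        continue
    }

    # Assumption: the internal mirror lives in RFC 1918 address space.
    $internal = @($ips | Where-Object { $_ -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)' })
    if ($internal.Count -eq 0) {
        Write-Warning "$($uri.Host) resolves to $($ips -join ', '), not an internal address"
    }

    try {
        # The mirror has to serve the CRL at the same path as the CDP URL.
        $wc = New-Object System.Net.WebClient
        $bytes = $wc.DownloadData($url)
        "{0} -> {1}: {2} bytes, Last-Modified {3}" -f $url, ($ips -join ', '),
            $bytes.Length, $wc.ResponseHeaders['Last-Modified']
    } catch {
        Write-Warning "Fetch of $url failed: $($_.Exception.Message)"
    }
}

# Let CryptoAPI retrieve and validate through the same URLs, as a client would.
certutil -verify -urlfetch $CertPath
```

The CRL is signed by the CA, so the mirror only needs to serve an unmodified copy; it does need to be refreshed before each CRL's Next Update time, or clients will be working from an expired list.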

  3. thank you very much. this has already occurred to me, but I just wanted a
    confirmation that there is no other way to achieve it.

    o.
     
    Ondrej Sevecek, May 26, 2009
    #3
