How to publish the Certificate Revocation List

Learn how to publish the Certificate Revocation List (CRL) during the setup of a Vista VPN running on Windows Server 2008 in this part of our VPN setup guide.

As I mentioned earlier, the SSL connection will fail unless clients can download the Certificate Revocation List (CRL). The CRL is located on the Enterprise Certificate Authority and already has a URL assigned to it. We have to figure out what this URL is, and then make it externally accessible. To do so, follow these steps:

  1. Open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS) | Internet Information Services (IIS) Manager.
  2. When the Internet Information Services (IIS) Manager Console opens, select your VPN server from the console tree.
  3. Double-click on the Server Certificates icon.
    Vista VPN setup guide, part 2
    Learn how to configure Windows Vista workstations in part 2 of our Vista VPN setup guide.
  4. You should now see the certificate that has been assigned to the server. Double-click on the certificate to reveal its properties sheet.
  5. Go to the properties sheet's Details tab and select the CRL Distribution Points option.
  6. The Certificate Revocation List URL should be listed in the text at the bottom of the window. This text contains multiple URLs, so you want to look for the URL that starts with URL=HTTP://
  7. Create a public DNS record that associates this URL with your VPN server's IP address.
  8. Go back to the Server Manager console and navigate through the console tree to Server Manager | Roles | Network Policy and Access Services | Routing and Remote Access | IPV4 | NAT.
  9. In the results pane, right-click on your server's external NIC and choose the Properties command from the resulting shortcut menu.
  10. When Windows displays the connection's properties sheet, select the properties sheet's Services and Ports tab.
  11. Select the Web Server (HTTP) check box. Windows will display the Edit Service check box.
  12. Enter the Enterprise Certificate Authority's IP address into the Private Address field, and click OK.
  13. Click OK to close the properties sheet.

Vista VPN setup guide, part 1

  Introduction
  Set up a domain controller
  Install DHCP services
  Install Active Directory Certificate Services
  Install IIS
  Request a machine certificate
  Install the Routing and Remote Access Service role
  Configure the VPN server
  Publish the Certificate Revocation List
  Make the CRL accessible

Brien Posey
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at
http://www.brienposey.com .

This was first published in May 2008
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close