Get started Bring yourself up to speed with our introductory content.

How to make the Certificate Revocation List accessible

In this part of our VPN setup guide, learn how to make the Certificate Revocation List (CRL) accessible by removing the SSL requirement.

The default Enterprise Certificate Authority installation requires clients to use an SSL connection to download the Certificate Revocation List. While this may sound like a good idea, there's a bug in Windows Server 2008 that prevents it from working properly. Therefore, we must remove the SSL requirement. To do so, perform the following steps on your Enterprise Certificate Authority:

  1. Open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS) | Internet Information Services (IIS) Manager.
  2. When the Internet Information Services (IIS) console opens, navigate through the console tree to your server | Sites | Default Web Site | CertEnroll.
  3. Click on the Feature View button found at the bottom of the results pane, then double-click the SSL Settings icon.
  4. When the SSL Settings screen appears, deselect the Require SSL check box, and click the Apply button.

Vista VPN setup guide, part 2

Learn how to configure Windows Vista workstations inpart 2 of our Vista VPN setup guide.

Stay tuned for a step-by-step guide to client-side Vista VPN configuration.

Vista VPN setup guide, part 1

  Set up a domain controller
  Install DHCP services
  Install Active Directory Certificate Services
  Install IIS
  Request a machine certificate
  Install the Routing and Remote Access Service role
  Configure the VPN server
  Publish the Certificate Revocation List
  Make the CRL accessible

About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at

Dig Deeper on Campus area networks and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.