Are crl updated automatically to user after a certificate is being revoke?

boxi

8/10/24, 6:43 AM

I'm clueless on how does this CRL/OCSP works. We do have a local enterprise CA, and was set on the CRL publication interval to 8 days. As what was told, when the certificate is revoked, it does not immediately apply / update to the user windows & linux machine.

So the following question if anyone can assist:

How do we setup, so as to have the CRL updates automatically to the user machine once a certificate is been revoke?
Can we use GPO to update the CRL?
Where does the CRL cache in the client machine?
Can we setup OCSP in the same enterprise CA server?

Thank you very much.

0 + 2

certificate-authority

crl

windows-server-2022

kab00m

8/10/24, 12:53 PM

This is very big topic. Start from here https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee619754(v=ws.10)?redirectedfrom=MSDN maybe it will help to narrow down your questions.

boxi

8/13/24, 5:46 AM

yea i do understand that, but the link you shared dont really tells you, will the effect be immediate shows on a user machine after certificate is revoke via CRL. i do know it cache that why there are commands to manually delete it, but my question is more towards to automation. via GPO or if any

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Are crl updated automatically to user after a certificate is being revoke?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.