Hi,

I am evaluating Microsoft Certificate Server 2.0 in an environment wherein I also 
have IAS (Internet authenticating server, RADIUS server from MS) for user 
authentication. The authentication mechanism chosen is EAP using user-based 
certificates. An Active Directory is also in place, wherein CRL publishing takes 
place. The CA hierarchy is two-level: Root CA and a SubCA. I have a couple of 
queries:
1) How does CRL verification work in the case of IAS? The first time a user tries to 
authenticate, IAS downloads the CRL from the CDP location mentioned in the certificate, 
and for the remaining attempts it checks the locally cached CRL. But I am not able to 
locate the cached CRL: where is it stored, and how can I ensure that it is the latest 
one? And does IAS also check the validity of all certificates in the chain, i.e. 
whether the SubCA certificate is revoked or not? Because in my case SubCA 
(Intermediate CA) certificate verification is not happening. If IAS fails to 
download the CRL (or a CRL update), what action would it take: deny authentication, 
accept authentication, or generate an error message?

2) It is working fine as far as verifying user certificates is concerned, but 
no check for a revoked SubCA certificate (the one that issued the user certificate) 
is happening. There is not much documentation available on CRL verification; I just 
came across one which talks about IIS and CRL, etc.

3) Also, in EAP-based authentication, what different information is exchanged between 
peers along with certificates?

Any pointers or info are welcome.

TIA
Madhur Nanda

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
