OCSP would be a better option than exposing the CRL to the outside. https://technet.microsoft.com/en-us/library/cc770413(v=ws.10).aspx
Thanks,
James Massardo

From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Kaminski
Sent: Thursday, January 12, 2017 1:51 PM
To: [email protected]
Subject: [mssms] PKI Question for Cloud Management Gateway and Azure Distribution Point

I have a customer that is reluctant to change their PKI infrastructure to have an Internet-exposed CRL. If I want to use their enterprise CA, wouldn’t this be a requirement, or would joining them to the domain be good enough so they can get their CRL through that mechanism?

