15.6 Certificate retrieval


Certificate retrieval deals with the way certificates are retrieved from a repository by a PKI user. In Windows 2000 and Windows Server 2003, certificates can be retrieved manually from any location in which the CA publishes them: from AD, a Web site, or a file share.

Windows 2000, Windows XP, and Windows Server 2003 also retrieve CA certificates automatically during certificate validation: the download locations are listed in the Authority Information Access (AIA) extension of the certificate being validated, and the chain-building engine fetches a missing issuer certificate from one of them. A CA certificate obtained this way is not trusted because of where it came from; the chain must still terminate at a certificate in the Trusted Root Certification Authorities store, and every signature along the chain is checked.
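The following PowerShell script is an added example, not code from the book or from Microsoft: it reads the caIssuers entry of a leaf certificate's AIA extension, downloads the CA certificate from that location (the same place Windows looks during automatic retrieval), verifies that the downloaded certificate really signed the leaf, and only then adds it to the Intermediate Certification Authorities store. The input path, download folder and the HTTP reachability of the AIA URL are assumptions; the session must be elevated for the LocalMachine store.

```powershell
# Added example (not from the book): AIA-driven CA certificate retrieval with
# a signature check before anything is stored.
# Assumptions: $LeafPath is a DER or Base64 certificate file, the caIssuers
# URL answers over HTTP, and the shell is elevated (writes to LocalMachine\CA).
param(
    [string]$LeafPath = 'C:\temp\user.cer',   # assumed input certificate
    [string]$OutDir   = 'C:\temp\aia'         # assumed download folder
)

$AiaOid       = '1.3.6.1.5.5.7.1.1'    # id-pe-authorityInfoAccess
$CaIssuersOid = '1.3.6.1.5.5.7.48.2'   # id-ad-caIssuers (OCSP responders use .48.1)

$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $LeafPath
$aia  = $leaf.Extensions | Where-Object { $_.Oid.Value -eq $AiaOid } | Select-Object -First 1
if (-not $aia) {
    throw 'No AIA extension: retrieve the CA certificate manually from AD, the CA Web site or a file share.'
}

# Format($true) renders one numbered block per access description, e.g.
#   [2]Authority Info Access
#        Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
#        Alternative Name:
#             URL=http://pki.example.com/certs/IssuingCA.crt
# The labels are localized, so key on the OID and the URL text, not on the labels.
$urls = @()
foreach ($block in ($aia.Format($true) -split '(?m)^\[\d+\]')) {
    if ($block -match [regex]::Escape($CaIssuersOid) -and $block -match '=\s*(\S+://\S+)') {
        $urls += $Matches[1]
    }
}
if (-not $urls) { throw 'AIA extension carries no caIssuers location.' }

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$leafIssuer = [Convert]::ToBase64String($leaf.IssuerName.RawData)

foreach ($url in $urls) {
    if ($url -notmatch '^https?://') {
        Write-Warning "Skipping $url (ldap:// locations are served by AD, not by this script)"
        continue
    }
    $file = Join-Path $OutDir ([IO.Path]::GetFileName(([uri]$url).AbsolutePath))
    Invoke-WebRequest -Uri $url -OutFile $file -UseBasicParsing

    # caIssuers may return a single certificate or a PKCS#7 bundle; the
    # collection importer accepts both.
    $downloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $downloaded.Import($file)

    foreach ($ca in $downloaded) {
        # Binary DN comparison: the candidate's Subject must equal the leaf's Issuer.
        if ([Convert]::ToBase64String($ca.SubjectName.RawData) -ne $leafIssuer) { continue }

        # Build the chain with only the downloaded certificate as an extra store.
        # Build() verifies the signature; AllowUnknownCertificateAuthority stops it
        # from failing merely because the root is not trusted yet.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.ExtraStore.Add($ca) | Out-Null
        $chain.ChainPolicy.RevocationMode    = 'NoCheck'
        $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
        $built  = $chain.Build($leaf)
        $usedIt = ($chain.ChainElements.Count -gt 1) -and ($chain.ChainElements[1].Certificate.Thumbprint -eq $ca.Thumbprint)
        if (-not ($built -and $usedIt)) {
            Write-Warning "$($ca.Subject) from $url did not verify as the issuer of the leaf; not installed."
            continue
        }

        # Intermediate store only; an AIA-fetched certificate must never be pushed into Root.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('CA', 'LocalMachine')
        $store.Open('ReadWrite')
        $store.Add($ca)
        $store.Close()
        "Installed $($ca.Subject) (thumbprint $($ca.Thumbprint)) from $url"
    }
}
```

To see what the operating system itself does with the same extension, run `certutil -verify -urlfetch user.cer` against the leaf: it prints every AIA and CDP location it tries and whether each download succeeded, which is the quickest way to confirm that the published CA certificate is reachable from a client.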

A convenient way for PKI users to retrieve their own certificates from AD and store them in their local certificate store is to drag them from the Active Directory User Object container (which reflects the userCertificate attribute of the user's AD object) to the Personal container in the Certificates MMC snap-in.

Personal certificates issued by a stand-alone CA can be retrieved from the CA's Web interface. If a certificate is not downloaded from the CA's Web site within 10 days, it is purged. This default can be changed by editing the certdat.inc file in the c:\winnt\system32\certsrv directory: the "nPendingTimeoutDays" setting in that file sets the number of days before a certificate is purged from the stand-alone CA's Web site.
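The script below is an added example, not code from the book: it changes nPendingTimeoutDays in certdat.inc with a backup and a read-back check, and restores the backup if the edit did not come out as a single well-formed setting line. The directory is the one the text names (here expressed through %SystemRoot% rather than a hard-coded c:\winnt); the new value of 30 days is an assumption, and the script must run elevated on the server that hosts the Web enrollment pages.

```powershell
# Added example (not from the book): set nPendingTimeoutDays in certdat.inc.
# Assumptions: certdat.inc lives under %SystemRoot%\System32\certsrv as the
# text states, $Days is an arbitrary sample value, and the shell is elevated.
param([int]$Days = 30)

if ($Days -lt 1) { throw 'Timeout must be at least one day.' }
$certdat = Join-Path $env:SystemRoot 'System32\certsrv\certdat.inc'
if (-not (Test-Path -LiteralPath $certdat)) {
    throw "$certdat not found: is Web enrollment installed on this server?"
}

# Match only a real setting line such as  nPendingTimeoutDays=10  (spaces around
# '=' allowed); comment lines that merely mention the name are left untouched.
$pattern = '(?m)^([ \t]*nPendingTimeoutDays[ \t]*=[ \t]*)(\d+)\b'
$content = [IO.File]::ReadAllText($certdat)
$hit = [regex]::Match($content, $pattern)
if (-not $hit.Success) { throw 'nPendingTimeoutDays not found in certdat.inc' }
"Current value: $($hit.Groups[2].Value) day(s)"

# Back up before touching a file that every Web enrollment page includes.
$backup = "$certdat.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $certdat -Destination $backup
[IO.File]::WriteAllText($certdat, [regex]::Replace($content, $pattern, "`${1}$Days"))

# Read back: exactly one setting line, carrying the new value, or roll back.
$after = [regex]::Matches([IO.File]::ReadAllText($certdat), $pattern)
if ($after.Count -ne 1 -or $after[0].Groups[2].Value -ne "$Days") {
    Copy-Item -LiteralPath $backup -Destination $certdat -Force
    throw 'Post-edit check failed; original certdat.inc restored from backup.'
}
"nPendingTimeoutDays is now $Days (backup: $backup)"
```

The setting only governs how long the Web pages keep an issued certificate available for download; the certificate itself stays in the CA database and can still be exported by an administrator from the Issued Certificates folder of the Certification Authority snap-in.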




Windows Server 2003 Security Infrastructures
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 9781555582838
Year: 2003
Pages: 137
Authors: Jan De Clercq
