 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 4 Dec 2006 15:56:19 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
We added the host crl.versign.com to our unauthenticated role - allowed
hosts. You can do the same for who ever you use as your CA.
Simon
>>>
From: "Zocher, Mark James" <[log in to unmask]>
To: <[log in to unmask]>
Date: 12/4/2006 3:53 PM
Subject: Server Certificate Revocation checking?
Microsoft added a feature way back when in Internet Explorer 5 for
checking server certificates to see if they're revoked. If a user
enables this setting, the CCA Agent will attempt to check the
certificate upon logging in. However, our roles do not have server
exceptions for checking the certificate, and a user gets a 12057
error.
Are there any universities that have configured CCA to allow server
certificate revocation checking? What servers did you have to enable
to allow this to work properly?
The setting exists for any user of IE5, 6, or 7, but is initially
unchecked in XP. However, our initial testing shows this setting is
enabled by default in Windows Vista. We documented disabling that
setting at
http://www.wsu.edu/cto/Fixing_SSL_error_12057_in_Cisco_Clean_Access
but
would prefer to not have every Vista user uncheck this box.
So, have any universities addressed this Microsoft feature?
(Basic info on Server Certificate Revocation at
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/ierk
/Ch06_b.mspx?mfr=true )
Thanks!
~Mark Zocher
Helpdesk Tech Coordinator
ITS - Student Computing Services
Washington State University - Pullman, WA
|
|
|
