You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root C

You havetwo serversnamed Server1and Server2.
Both servers run Windows Server 2008 R2.
Server1is configured as an Enterprise Root certification authority (CA).
You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasksshould you perform?
(Each correct answer presents part of the solution. Choose two.)

You havetwo serversnamed Server1and Server2.
Both servers run Windows Server 2008 R2.
Server1is configured as an Enterprise Root certification authority (CA).
You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasksshould you perform?
(Each correct answer presents part of the solution. Choose two.)

A.
Import the enterprise root CA certificate.

B.
Import the OCSP Response Signing certificate.

C.
Add the Server1 computer account to the CertPublishers group.

D.
Set the Startup Type of the Certificate Propagation service to Automatic.

Explanation:
Answer.???
Further information:
http://technet.microsoft.com/en-us/library/cc770413%28v=ws.10%29.aspx
Online Responder Installation, Configuration, and Troubleshooting Guide
Public key infrastructure (PKI) consists of multiple components, including certificates, certificate revocation lists
(CRLs) and certification authorities (CAs). In mostcases, applications that depend on X.509 certificates, such
as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL) and smart cards, are
required to validate the status of the certificatesused when performing authentication, signing, or encryption
operations. The certificate status and revocation checking is the process by which the validity of certificates is
verified based on two main categories: time and revocation status.
..
Although validating the revocation status of certificates can be performed in multiple ways, the common
mechanisms are CRLs, delta CRLs, and Online Certificate Status Protocol (OCSP) responses.

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx
Active Directory Certificate Services Step-by-Step Guide
http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-andplanning.aspx
Designing and Implementing a PKI: Part I Design andPlanning
http://technet.microsoft.com/en-us/library/cc725937.aspx
Set Up an Online Responder
http://technet.microsoft.com/en-us/library/cc731099.aspx
Creating a Revocation Configuration



Leave a Reply 0

Your email address will not be published. Required fields are marked *