Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an
enterprise certification authority (CA) named CA1. CA1 is only available from hosts on the
internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that
apply.)
A. Create a scheduled task that copies the CRL files to a Web server.
B. Run the Install-ADCSWebEnrollment cmdlet.
C. Run the Install-EnrollmentPolicyWebService cmdlet.
D. Deploy a Web server that is accessible from the Internet and the internal network.
E. Modify the location of the Authority Information Access (AIA).
F. Modify the location of the CRL distribution point (CDP).
Explanation:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol
(IP-HTTPS)-based connection, DirectAccess clients must be able to check for certificate
revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess
server. To successfully perform intranet detection, DirectAccess clients must be able to
check for certificate revocation of the SSL certificate submitted by the network location
server. This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)
Configure permissions on the CRL distribution shared folder
Publish the CRL in the CRL distribution shared folder
Configure a CRL Distribution Point for Certificates
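
The setup the explanation describes, sketched in PowerShell as run on CA1. This is an added example, not part of the original question or its reference; the share path \\WEB1\pki$ and the task name are assumptions, and only the URL http://dp1.pki.contoso.com/pki comes from the explanation above.

```powershell
# Added example. Run in an elevated session on CA1.
Import-Module ADCSAdministration

$CdpBaseUrl = 'http://dp1.pki.contoso.com/pki'   # external URL from the explanation
$WebShare   = '\\WEB1\pki$'                      # assumed: share behind the /pki IIS directory
$CertEnroll = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'  # default CRL output folder

# 1. List the CDP locations CA1 currently writes into issued certificates.
Get-CACrlDistributionPoint

# 2. Add the HTTP location to the CDP extension. The <...> tokens are expanded
#    by AD CS; <DeltaCRLAllowed> appends "+" to delta CRL file names, which IIS
#    only serves if request filtering allows double escaping.
$uri = "$CdpBaseUrl/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl"
Add-CACrlDistributionPoint -Uri $uri -AddToCertificateCdp -AddToFreshestCrl -Force

# 3. Restart the CA so the new CDP applies, then publish a fresh CRL.
#    Certificates issued before this change keep their old CDP URLs.
Restart-Service -Name CertSvc
certutil.exe -CRL

# 4. Scheduled task that copies the CRL files to the Web server share.
#    The task runs as SYSTEM, so CA1's computer account needs write
#    permission on the share and the folder (assumed to be granted already).
$action = New-ScheduledTaskAction -Execute 'robocopy.exe' `
    -Argument "`"$CertEnroll`" `"$WebShare`" *.crl /R:2 /W:5"
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Hours 1) `
    -RepetitionDuration (New-TimeSpan -Days 3650)
Register-ScheduledTask -TaskName 'Copy-CA1-CRL' -Action $action `
    -Trigger $trigger -User 'SYSTEM' -RunLevel Highest

# 5. Check from a client: certutil resolves the CDP URLs embedded in a
#    certificate and reports whether each CRL could be fetched.
#    'issued.cer' is a placeholder for a certificate issued after step 3.
certutil.exe -verify -urlfetch 'issued.cer'
```

Run the step 5 check from a host outside the internal network as well, since that is the path the home users take.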