You need to ensure that the certificate revocation list (CRL) is available to all of the users

Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise
certification authority (CA) named CA1. CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise
certification authority (CA) named CA1. CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A.
Create a scheduled task that copies the CRL files to a Web server.

B.
Run the Install-ADCSWebEnrollment cmdlet.

C.
Run the Install-EnrollmentPolicyWebService cmdlet.

D.
Deploy a Web server that is accessible from the Internet and the internal network.E. Modify the location of the Authority Information Access (AIA).

F.
Modify the location of the CRL distribution point (CDP).

Explanation:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of http://dp1.pki.contoso.com/pki
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-
based connection, DirectAccess clients must be able to check for certificate revocation of the secure
sockets layer (SSL) certificate submitted by the DirectAccess server. To successfully perform intranet
detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate
submitted by the network location server. This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services
(IIS)
Configure permissions on the CRL distribution shared folder
Publish the CRL in the CRL distribution shared folder
Configure a CRL Distribution Point for Certificates



Leave a Reply 1

Your email address will not be published. Required fields are marked *