O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Availability Options

In many cases, you can prevent catastrophic failure of Certificate Services by planning for availability. Availability options that are discussed in this section include:

CRL Re-Signing

If a CA is unavailable, it is easy to see that the CA is unable to issue any certificates until the CA is repaired or restored. What is not as evident is that soon afterward, all previously issued certificates will fail revocation checking. When the CA’s base CRL or delta CRL expires, relying parties will be unable to validate any of the certificates issued by the failed CA.

To ensure continued use of certificate-based applications, it is critical to extend the lifetime of the most recent ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required