How to Publish Certificate Revocation Lists to a File Transfer Protocol Location

ID: Q246563

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server

SUMMARY

This article describes how to publish Certificate Revocation Lists (CRLs) to a File Transfer Protocol (FTP) location.


MORE INFORMATION

To publish CRLs to an FTP location, you must perform the following steps.

Step 1: Add the FTP Uniform Resource Locator (URL) to the List of URLs

To add the FTP Uniform Resource Locator (URL) to the list of URLs included in the CRL Distribution Point (CDP) extension, use the following steps:
  1. Start the Certification Authority Administration tool.


  2. Right-click the CA service name, and then click Properties.


  3. On the Policy Module tab, and then click Configure.


  4. On the X.509 Extensions tab, click Add.


  5. Type the URL, and then click OK.


Step 2: Changing the Registry Setting

To change the registry setting to enable the CA service to include FTP URLs in the certificates it issues, use the following steps:

NOTE: You only need to perform these steps once for each CA service.
  1. From the command line on the CA service, type the following command:


    2. certutil -SetReg Policy\RevocationType +CdpFtpUrl
  2. Stop then restart the CA service.


All certificates issued by the CA service now contain the FTP URL.

Additional query words:

Keywords : kbenv
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.