Security

Previous Topic Next Topic

Certificate Revocation Lists

A CRL (often pronounced “KRILL”) is a list of certificates that have been revoked before their scheduled expiration date. A certificate might need to be revoked if its associated private key has been compromised, or if the user no longer works for the company in question.

You can configure Internet Explorer 5 and IIS 5.0 to check CRLs.

To enable CRL-checking in Internet Explorer 5

  1. On the Tools menu, select the Internet Options menu option.
  2. Select the Advanced tab.
  3. Click the Security node to expand it.
  4. Check the Check for server certificate revocation option.
CRL-Checking in IIS 5.0

CRL-checking is enabled in IIS 5.0 by default. The following Visual Basic code shows how to enable or disable CRL-checking on the default Web server.

Set oIIS = GetObject("IIS://localhost/W3SVC/1")
oIIS.CertCheckCRL = True ' False to disable CRL checking
oIIS.SetInfo
Set oIIS = Nothing

© 1997-1999 Microsoft Corporation. All rights reserved.