Hi everybody,

I'm running a windows 2003 server with IIS6.
My server’s certificate has some CRL distribution point defined.

By default the CRL is valid for 1week.
I would like to know how to get the a new CRL every 1 hour ?
I tried with some variable in the metabase but it's a bit confused for me...

Thanks

Hi,

If you publish CRL only once a week then there is no need to check every
hour. Server knows when CRL expires and will check for new CRL when time
comes.

If you need to check CRL more frequently then you will need to reconfigure
your CA to publish CRL more frequently. You have to know that Windows cache
CRL and there is no supported way to clear this cache, and make Windows
(e.g. IE or IIS) fetch a new CRL (it still has a valid CRL in its cache).

Show quoteHide quote

Hi Mike,

My CA publish a new CRL on demand but each published CRL is valide for 1 week.
I don't want to change the "next update date" of my CRL because not all my
servers need to check the CRL every 1 hours.

Sorry if I was unclear.

What about those variable?
- CertCheckMode
- RevocationFreshnessTime
- RevocationURLRetrievalTimeout

Recommendations for securing IIS 6.0 as a public web server
IIS Failover and CLustering or Virtual Server TEchnology?
IIS FTP server authentication via Kerberos
remove users from ftp site
Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows
IIS 6 authentication problem
iis6 password protected file issue
Medium trust and HTTP handlers - help!
Security on inetpub/wwwroot
How to Combine Anonymous IUSR and Integrated Windows on one site