How to Manage CRLs for IIS

Published: 07th February 2011

A certificate revocation list (CRL) must be checked to ensure that a certificate presented for authentication has not been revoked. CRLs are cached and used until the next CRL publication. IIS, however, should be configured to allow CRLs to be downloaded more often. If, for example, certificates have been revoked and the CA administrator manually publishes a CRL, IIS can download the new CRL without waiting for the current, cached CRL to expire. If IIS is not configured to download CRLs more frequently, information on revoked certificates might not be available as quickly as necessary. A user certificate that has been compromised might have been revoked, yet it could still be used to access data on the server because the CRL was not updated. To manage CRLs, configure the following metabase properties:
CertCheckMode can be used to enable and disable CRL checking. (CRL checking is enabled by default.)
RevocationFreshnessTime can be used to refresh the CRL even if the cached CRL is still valid.
RevocationURLRetrievalTimeout is used to set the default interval.
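The exposure window described above can be modelled in a few lines. This is an added example, not code from the original article or from IIS: the Server class is a simplified stand-in for a CRL cache, and the 7-day publication period, one-hour refresh, 10-minute request interval and serial number are constructed assumptions.

```python
from dataclasses import dataclass

HOUR, DAY = 3600, 86400
SERIAL = 0x1001  # constructed serial number of the compromised user certificate

@dataclass(frozen=True)
class CRL:
    this_update: int    # publication time, seconds since start of simulation
    next_update: int    # when the CA schedules the next CRL
    revoked: frozenset  # revoked serial numbers

class CA:
    def __init__(self, period):
        self.period, self.crls = period, []
    def publish(self, now, revoked):
        self.crls.append(CRL(now, now + self.period, frozenset(revoked)))
    def latest(self, now):
        return max((c for c in self.crls if c.this_update <= now),
                   key=lambda c: c.this_update)

class Server:
    """refresh_after=None: trust the cached CRL until its next_update.
    refresh_after=N: also re-download once the cached copy is N seconds old."""
    def __init__(self, ca, refresh_after=None):
        self.ca, self.refresh_after = ca, refresh_after
        self.cached, self.fetched_at = None, None
    def accepts(self, serial, now):
        stale = self.cached is None or now >= self.cached.next_update
        if not stale and self.refresh_after is not None:
            stale = now - self.fetched_at >= self.refresh_after
        if stale:
            self.cached, self.fetched_at = self.ca.latest(now), now
        return serial not in self.cached.revoked

def exposure_window(refresh_after, step=600):
    """Seconds between the manual CRL publication and the first rejected logon."""
    ca = CA(period=7 * DAY)
    ca.publish(0, [])                 # scheduled CRL, nothing revoked yet
    server = Server(ca, refresh_after)
    revoked_at, t = DAY + step, 0     # admin revokes and publishes manually
    while True:                       # one client request every `step` seconds
        if t == revoked_at:
            ca.publish(t, [SERIAL])
        if not server.accepts(SERIAL, t):
            return t - revoked_at
        t += step

if __name__ == "__main__":
    print("cache until expiry:", exposure_window(None), "s")
    print("hourly refresh:   ", exposure_window(HOUR), "s")
```

With these constructed values, the revoked certificate keeps working for almost six days when the cache is trusted until expiry, and for under an hour when the cached CRL is refreshed hourly.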
Your design must always specify the types of access to Web site content that should be made available. Start by designing authentication because it is the first place where you can block access or provide secure access. The design should specify the type of authentication that is allowed. Anonymous access might be required for access to public Web sites but does not have to be provided. Basic authentication and Windows integrated authentication both require accounts and passwords, but neither is the proper solution in all cases. Authentication choices provide secure access to Web information and applications. Support for improved authentication security and support for authorization controls via ACLs based on the authenticated user's identity are also benefits of well-designed user authentication.
After selecting authentication methods, create a secure design for their implementation. Many forms of IIS authentication, such as anonymous or Windows integrated, require little additional design. However, some forms of authentication (such as certificate authentication, authentication used when using RADIUS, or authentication used when FTP and/or SMTP are part of IIS) have their own design issues.
Authenticating use of SMTP services. More information can be found in Lesson 2.
Configuring Transport Layer Security (TLS) encryption. Users can be required to use TLS, which is similar to Secure Sockets Layer (SSL), to connect to and communicate with the SMTP server. This requirement will secure data using encryption, but it does not implement user authentication.

