Group:  English: Windows Server » microsoft.public.windows.server.security
Thread: CRLOverlap Question

CRLOverlap Question
"MarioC" <marioc[ at ]kapsch.net> 12/15/2008 2:35:19 PM
Hi,

Windows 2003 Certificate Services on Windows Server 2003 R2 SP2 Enterprise
Edition:

I want to publish a new CRL once an hour.
The CRL should be valid for 1 week.

The CRL publication interval is set to 1 hour.
CRLPeriod = Hours
CRLPeriodUnits = 1

The CRLOverlap interval is set to 1 week.
CRLOverlapPeriod = Weeks
CRLOverlapUnits = 1


However, the "CRL Next publish" setting is set to currenttime+CRL
publication interval+10min which is ok.
The "CRL next update" setting is set to currenttime+2 hours+20minutes which
is not ok.

Are there any restrictions such that a CRLOverlap interval can't be greater than
a specific value?
If yes, is it possible to change that behavior?

many thanks
mario

Re: CRLOverlap Question
Chipeater <david.wozny[ at ]gmail.com> 12/15/2008 4:16:42 PM
Hi Mario,
The CRL overlap validity period cannot be a value greater than the CRL
base validity period (shame) - if you configure it to be longer it
just gets trimmed to the same value as the base CRL.

Dave

Re: CRLOverlap Question
"MarioC" <marioc[ at ]kapsch.net> 12/15/2008 5:06:59 PM
hi,

thanks.
and there's really no way to change that behavior ?

mario


"Chipeater" <david.wozny[ at ]gmail.com> wrote in message
news:ecf80004-a3b0-4b2c-99ab-bbed60a3ff25[ at ]a12g2000pro.googlegroups.com...
> Hi Mario,
> The CRL overlap validity period cannot be a value greater than the CRL
> base validity period (shame) - if you configure it to be longer it
> just gets trimmed to the same value as the base CRL.
>
> Dave

Re: CRLOverlap Question
Chipeater <david.wozny[ at ]gmail.com> 12/15/2008 8:23:14 PM
Mario,
No workaround to my knowledge - I've often thought it'd be useful to
have much longer CRL overlaps.

Perhaps someone else could advise.

Dave

Re: CRLOverlap Question
"MarioC" <marioc[ at ]kapsch.net> 12/17/2008 8:37:01 AM
ok, many thanks for your answer, dave.
mario


"Chipeater" <david.wozny[ at ]gmail.com> wrote in message
news:8839b0fc-b79d-45f1-b3da-7daba77490fb[ at ]k24g2000pri.googlegroups.com...
> Mario,
> No workaround to my knowledge - I've often thought it'd be useful to
> have much longer CRL overlaps.
>
> Perhaps someone else could advise.
>
> Dave
