Manually download CRL through ldap URI?

Wei-chun Chao

Oct 18, 2000, 3:00:00 AM
Hi,
We set up a certificate authority and configured it to publish CRL
through ldap URI.
The CDP in the certificate is
ldap://MS-ENT-CA.zz-lab-elm.cisco.com/CN=MS-ENT-CA,CN=MS-ENT-CA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=zz-lab-elm,DC=cisco,DC=com?certificateRevocationList?base?objectclass=cRLDistributionPoint

Because our router currently has a problem handling special characters (%xx)
in the CDP, we can't download the CRL with the router.
I can use Active Directory Service to see the CDP is there.
But how do we know if the CRL is published correctly?
Is there any way we can manually get it?
For Netscape directory server, we can just paste the ldap URI into
a browser and get the CRL.
Tried to do the same with MS but failed.

Thank you in advance.
Weichun

Steve Judd

Oct 18, 2000, 8:50:10 PM
You should be able to view the CRL with ADSIedit, by pasting in the LDAP
URI.

-s



Wei-chun Chao

Oct 19, 2000, 3:00:00 AM
OK...
Now I can use ADSIedit to see CRL is published here alright
ldap://MS-ENT-CA.zz-lab-elm.cisco.com/CN=MS-ENT-CA,CN=MS-ENT-CA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=zz-lab-elm,DC=cisco,DC=com

But trying to query it with full ldap URI on IE or Address book doesn't
work.
Using our router or IRE VPN client to download CRL also failed.
Is there a client or program that can query ADS with LDAP URI?
Or is the problem because of the access permission config?
(I set them to everyone already...)

Thank you for the help!!
Weichun



Steve Judd

Oct 20, 2000, 3:00:00 AM
see below...

"Wei-chun Chao" <weic...@cisco.com> wrote in message
news:972002501.342669@sj-nntpcache-5...

> OK...
> Now I can use ADSIedit to see CRL is published here alright
> ldap://MS-ENT-CA.zz-lab-elm.cisco.com/CN=MS-ENT-CA,CN=MS-ENT-CA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=zz-lab-elm,DC=cisco,DC=com
>
> But trying to query it with full ldap URI on IE or Address book doesn't
> work.

Correct, IE / Address Book do not understand how to display random objects
from an LDAP directory.

> Using our router or IRE VPN client to download CRL also failed.
> Is there a client or program that can query ADS with LDAP URI?

You can easily write a program that can access the CRL, using ADSI or
straight LDAP.

> Or the problem is because of access permission config?
> (I set them to everyone already...)
>
> Thank you for the help!!
> Weichun
>
>
> "Steve Judd" <sgjudd@-nospam-gte.net> wrote in message
> news:6zrH5.1082$Mw4.2...@paloalto-snr1.gtei.net...
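
What a client has to do with the CDP from this thread before it can query the directory, as an added example (not code posted by anyone in the thread): split the LDAP URL per RFC 4516 and percent-decode each part, so that `%20` becomes the space in `CN=Public Key Services`. The function name `parse_ldap_url` and the layout of the returned dictionary are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

# CDP value from the thread, with the newsreader's line wrapping removed.
CDP = ("ldap://MS-ENT-CA.zz-lab-elm.cisco.com/CN=MS-ENT-CA,CN=MS-ENT-CA,CN=CDP,"
       "CN=Public%20Key%20Services,CN=Services,CN=Configuration,"
       "DC=zz-lab-elm,DC=cisco,DC=com"
       "?certificateRevocationList?base?objectclass=cRLDistributionPoint")

def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516) into the parameters of a search request.

    Hypothetical helper written for this example.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # After the DN come '?'-separated fields: attributes?scope?filter?extensions
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (4 - len(fields))
    attrs, scope, flt = fields[0], fields[1], fields[2]
    scope = (scope or "base").lower()            # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("bad scope: %r" % scope)
    # Decode only after splitting, so an encoded '?' or ',' cannot move a boundary.
    flt = unquote(flt) or "(objectClass=*)"      # RFC 4516 default filter
    if not flt.startswith("("):
        # The CDP above gives the filter without parentheses; RFC 4515
        # requires them, so add them for strict LDAP libraries.
        flt = "(" + flt + ")"
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt,
    }

if __name__ == "__main__":
    for key, value in parse_ldap_url(CDP).items():
        print("%-10s %s" % (key, value))
```

The decoded values map directly onto an LDAP search request: the base DN, a base-scope search, the filter, and the single attribute `certificateRevocationList` to return.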
