Certutil
Ignore Revocation Checking – The bane of my existence!
As students in my PKI training classes know, one of the areas I am a vocal about is the blind use of the CRLF_REVCHECK_IGNORE_OFFLINE setting in a PKI environment. I am so adamantly against the use of this setting, I personally refuse to ever explicitly share or type the syntax to enable this nasty beast.…
Read MoreNew Certutil Argument – DownloadOCSP and Details of Caching issue with -Verify
During the development of my new ADCS Advanced PKI Training Class, I was working on creating a process to demonstrate how to manipulate the OCSP caching behavior in Windows. If you aren’t already aware, Microsoft OCSP responders use the expiration date of the authoritative CRL used for their answers as the expiration date (Next Update…
Read More