UEU-co logo

ch22lev1sec7.html


Previous Page Next Page

Managing the CA

If your users (and you, the administrator) can request certificates from your CA and receive them successfully, this means that your CA has been configured correctly and is up and running. Managing the CA and its certificates is done in the Certification Authority snap-in (which can be run in the Server Manager or the MMC: Start, Administrative Tools, Certification Authority).

You can view certificates that the CA has issued by expanding the CA node (in this case, a root CA) and then selecting the Issued Certificates node (see Figure 22.17).

Figure 22.17. You can view issued certificates.

[View full size image]

You also can view pending requests and failed requests for certificates by selecting the appropriate folder in the snap-in tree. That brings us to revoked certificates. Revoked certificates are issued certificates that you revoke for a particular reason. For example, the key of the certificate might have been compromised, or the CA itself might have been compromised (meaning that you are going to revoke a lot of bad certificates). In some cases, you might also want to put a hold on a certificate by temporarily revoking it. This type of revocation can be reversed later so that the certificate can again be used by the assignee.

To revoke a particular certificate, follow these steps:

1. Click the Issued Certificates node to view all issued certificates in the Details pane. Right-click a certificate in the Details pane, point at All Tasks and then Revoke Certificate. The Certificate Revocation dialog box opens.

2. To select a reason for revoking the certificate, click the Reason code drop-down box and select a listed reason. If you plan to take the revocation off the certificate at a later time, you must select the Certificate Hold reason code.

3. After selecting the reason code, click Yes to revoke the certificate.

You can view revoked certificates by selecting the Revoked Certificates folder in the snap-in tree (see Figure 22.18). The revocation date and other specifics related to the revoked certificates are displayed in the Details pane.

Figure 22.18. Revoked certificates can be viewed in the snap-in.

[View full size image]

You can unrevoke certificates that have been placed on hold. Certificate Hold then appears in the Revocation Reason column of the Details pane for these certificates. To unrevoke a certificate, right-click the certificate, point at All Tasks, and then select Unrevoke Certificate. The certificate is removed from the Revoked Certificates folder and placed in the Issued Certificates folder. When you have completed working with the Certification Authority snap-in, you can close it by clicking its Close button in the upper-right corner.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited