Export (0) Print
Expand All

Planning the Placement of CRL Distribution Points

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2

ImportantImportant
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

Certificate revocation list (CRL) distribution points are a critical component of the following aspects of DirectAccess:

  • DirectAccess clients use certificate revocation checking to validate the DirectAccess server certificate for Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) connections. Without a reachable CRL distribution point on the Internet, all IP-HTTPS-based DirectAccess connections will fail.

  • DirectAccess clients use certificate revocation checking to validate the certificate for the HTTPS connection to the network location server. Without a reachable CRL distribution point on the intranet, intranet detection fails, which can impair intranet connectivity for DirectAccess clients.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft