This topic has not yet been rated - Rate this topic

Planning the Placement of CRL Distribution Points

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2

Important
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

Certificate revocation list (CRL) distribution points are a critical component of the following aspects of DirectAccess:

DirectAccess clients use certificate revocation checking to validate the DirectAccess server certificate for Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) connections. Without a reachable CRL distribution point on the Internet, all IP-HTTPS-based DirectAccess connections will fail.
DirectAccess clients use certificate revocation checking to validate the certificate for the HTTPS connection to the network location server. Without a reachable CRL distribution point on the intranet, intranet detection fails, which can impair intranet connectivity for DirectAccess clients.

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions