Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Planning the Placement of CRL Distribution Points

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2

ImportantImportant
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

Certificate revocation list (CRL) distribution points are a critical component of the following aspects of DirectAccess:

  • DirectAccess clients use certificate revocation checking to validate the DirectAccess server certificate for Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) connections. Without a reachable CRL distribution point on the Internet, all IP-HTTPS-based DirectAccess connections will fail.

  • DirectAccess clients use certificate revocation checking to validate the certificate for the HTTPS connection to the network location server. Without a reachable CRL distribution point on the intranet, intranet detection fails, which can impair intranet connectivity for DirectAccess clients.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.