Windows 10: How to to Add HTTP CRL locations to existing Machine Certificate template to automatically...

Need to Add HTTP CRL locations to existing Machine Certificate template used to automatically issue certificates to workstations in MSPKI

:)

 

Certificate Templates on the client side

Hi,

Good day to you all! I hope this is the right place to ask this.

I have a few questions related to how certificate templates are being stored and distributed under AD CS:

• How do the clients get a list of applicable certificate templates from the enterprise CA, which is shown at the time when a new manual certificate enrollment is performed (e.g., someone goes to certmgr and request for a new certificate)?
• How are certificate templates being stored on both the CA side and the client side? Is there a directory that the templates reside in? Or are they just a collection of Windows registries (e.g. Software\Microsoft\Cryptography\CertificateTemplateCache
  under HKCU and HKLM)?
• Is it possible to programmatically read and parse certificate templates on the client side, ideally via some Microsoft provided public API? I am asking this because sometimes it is useful to check, verify and debug that
  
  a) clients are getting all the expected templates;
  
  b) the content of templates are as expected (particularly useful if there were templates of duplicated names, or an old template has its setting changed but the name is kept);
  
  c) applicable clients are indeed getting the same list of templates.

Please bear with me as I am a rookie to AD CS.

Thanks!

 

CRL caching behaviour of windows mobile 6.1 and Online Certificate Status Protocol (OCSP)

Hi,

Need information regarding CRL caching behaviour of windows mobile 6.1 and does it support Online Certificate Status Protocol (OCSP)?

Many thanks for the help.

-DK

 

family safity blocks google.com, yotube.com

On some machines, we have seen an issue where the Family Safety certificate installs, but the corresponding Certificate Revocation List (CRL) fails to install, and as a result all HTTPS websites are broken for your child account.

You can work around the issue by turning off Web Filtering AND Web Activity Reporting for the child.

If you want to fix the problem, you will need to delete the Family Safety certificate from the Trusted Root Certificate Authorities store for the local machine. This is not easy to get to, but here's how to do it:

1. Follow the instructions on this page to open Certificate Manager for the Local Machine: https://technet.microsoft.com/en-us/library/cc754431.aspx#BKMK_computer

2. Find the Trusted Root Certification Authorities folder. Verify that the Microsoft Family Safety certificate is present. If you don't see the Microsoft Family Safety certificate, stop; something else is causing your issue. (Or, you may have opened Certificate
Manager for the current user, instead of for the "Local Machine". Check step 1 again.)

3. Expand the Trusted Root Certification Authorities\Certificate Revocation Lists subfolder. If the folder is missing, or Microsoft Family Safety is not listed, then you are hitting this known issue. If you DO see the Microsoft Family Safety entry, then
stop; something else is causing your issue.

4. Once you have confirmed the diagnosis (Family Safety certificate is present, but CRL is missing), then go ahead and delete the Microsoft Family Safety certificate and reboot.

5. The next time you log in with a child account, the certificate and CRL will be automatically re-created, and HTTPS websites should work.