Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping.
You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site.
What should you do?

A.
Run certutil.exe -crl.

B.
Run certutil.exe -delkey.

C.
From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.

D.
From Active Directory Users and Computers, modify the Contact object for the external partner.