Your company has an office in New York.
Many users connect to the office from home by using the Internet.
You deploy an Active Directory Certificate Services (AD CS) infrastructure that contains an enterprise certification authority (CA) named CA1.
CA1 is only available from hosts on the internal network.
You need to ensure that the certificate revocation list (CRL) is available to all of the users.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A.
Create a scheduled task that copies the CRL files to a Web server.
B.
Run the Install-ADCSWebEnrollment cmdlet.
C.
Run the Install-EnrollmentPolicyWebService cmdlet.
D.
Deploy a Web server that is accessible from the Internet and the internal network.
E.
Modify the location of the Authority Information Access (AIA).
F.
Modify the location of the CRL distribution point (CDP).
Explanation:
D: access to CRLs for the ‘Internet scenario’ is fully supported and includes the following features:
CRLs will be located on Web servers which are Internet facing.
CRLs will be accessed using the HTTP retrieval protocol.
CRLs will be accessed using an external URL of
http://dp1.pki.contoso.com/pk
F: To successfully authenticate an Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connection, DirectAccess clients must be able to
check for certificate revocation of the secure sockets layer (SSL) certificate submitted by the DirectAccess server.
To successfully perform intranet detection, DirectAccess clients must be able to check for certificate revocation of the SSL certificate submitted by the network
location server.
This procedure describes how to do the following:
Create a Web-based certificate revocation list (CRL) distribution point using Internet Information Services (IIS)
Configure permissions on the CRL distribution shared folder Publish the CRL in the CRL distribution shared folder
Configure a CRL Distribution Point for Certificates