You have users that access web applications by using HTTPS. The web applications are located on the servers
in your perimeter network. The servers use certificates obtained from an enterprise root certification authority
(CA). The certificates are generated by using a custom template named WebApps. The certificate revocation
list (CRL) is published to Active Directory.When users attempt to access the web applications from the Internet, the users report that they receive a
revocation warning message in their web browser. The users do not receive the message when they access
the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web
applications from the Internet.
What should you do?
A.
Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
B.
Modify the WebApps certificate template, and then issue the certificates used by the web application
servers.
C.
Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing
point for the CA.
D.
Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
Answer should be A.
https://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
WAP has got nothing to do with certificates!
3
12
I’m agree with you, because users are getting error when they access from in intranet network. So, here the answer should be A.
0
7
So why do you guys want to request new certificates from the Internet exactly? Because that’s what A does.
What is the problem here? Users get a revocation warning while on the Internet, but not on the Intranet. So where is the revocation information? According to the question, it’s published to Active Directory. That explains why they can’t get there from the Internet, the company’s AD is not exposed to the Internet.
So we need to publish the revocation list to another location, one that the Internet-based clients CAN get to. A public-facing webserver for example.
We do this by adding that new location as a Certificate Revocation List (CRL) distribution point. Since the location(s) is/are stored in the certificate, we’ll need to re-issue.
So, as far as I’m concerned, the answer is D. Do feel free to correct me.
26
1
Should be A, because:
Certificate Enrollment Web Service
“allows users to obtain certificates using the HTTP
enables to connect to a CA through web services,
as a proxy for CA, and enables:
– to download root certificates
– request and install cert
– renew cert
– get revocation lists (CRLs)”
0
9
WAP is about authentication not certificates.
0
1