Your network contains a server that runs Windows Server 2008 R2. The server is configured
as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is
configured to use a manyto-one mapping.
You revoke a certificate issued to an external partner. You need to prevent the external
partner from accessing the Web site.
What should you do?
A.
Run certutil.exe -crl.
B.
Run certutil.exe -delkey.
C.
From Active Directory Users and Computers, modify the membership of the IIS_IUSRS
group.
D.
From Active Directory Users and Computers, modify the Contact object for the external
partner.
Explanation:
http://technet.microsoft.com/library/cc732443.aspxCertutil
Certutil.exe is a command-line program that is installed as part of Certificate Services. You
can use Certutil.exe to dump and display certification authority (CA) configuration
information, configure Certificate Services, backup and restore CA components, and verify
certificates, key pairs, and certificate chains.
Verbs -CRL
Publish new certificate revocation lists (CRLs) [or only delta CRLs]
http://technet.microsoft.com/en-us/library/cc783835%28v=ws.10%29.aspx
Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and
Management)
If you have determined the keycontainername for a specific certificate, you can delete the
key container with the following command.
certutil.exe -delkey <KeyContainerName>
The -delkey option is supported only with the Windows Server 2003 version of certutil. On
Windows 2000, you must add a prefix to the commands. The prefix is the path you have
copied the Windows Server 2003 version of certutil to. In this white paper, the
%HOMEDRIVE%\W2K3AdmPak path is used.