Hi,
I use public certificates for email validation (S/MIME).
I got Outlook clients and an Exchange server.
I dont have internal PKI, only public certificates (Thawte, Verisign, Comodo, GoDaddy ...)
No problem for importing certificate in Outlook and digitally sign an email.
My issue is on revocation.
I can revoke a certificate, and I can see a bit later the certificate revoked in the published provider CRL
The main issue is that my Outlook clients still see the certificate as valid.
I dont know how CRL updates works.
I know that I need to setup I.E options to allow CRL checks, but I don't know how Outlook updates the CRL.
Is it Outlook ? Is it Windows ? Is it Exchange ? who does the CRL update ?
And what is the process ? Is there a service I can restart, or a command to run to force CRL update ?
Where can I see if the CRL is up to date on client side ?
Any help is welcome.
thank you.