A very dark topic for many people is CRL caching. It seems unimportant, too technical, not well documented and very difficult. Still, I think it’s important enough to embrace it and I hope you’ll see it’s a little bit easier than you probably think it is. In this article the focus is on Windows XP/Windows Server 2003 and upwards.
You can only understand the workings of CRL caching if you understand basic terms like a certificate, a PKI and a CRL. This article isn’t meant to explain everything about these terms (otherwise I’m actually writing a whole book), but I’m going to give a small introduction to CRLs nevertheless: many people have at least a decent idea about what a certificate or PKI is, but they start sweating from the point they hear terms like “CRL”. That’s why I’ll skip the theory about certificates and PKIs, but on the other hand introduce you to CRLs anyway. So if you don’t know what a certificate or PKI is, this article is above your head. If you do, don’t hesitate to continue, even if the abbreviation CRL doesn’t tell you a thing. After the CRL introduction, which should not be considered a full presentation of the subject, we’ll tackle the CRL caching itself. Be aware I’m only dealing with the X.509 certificate standard here, which is the normal and most common certificate standard abroad. Read the rest of this entry »