26 January 2015

Clear CRL (Certificate Revocation List) cache on client computer

While testing the Microsoft PKI project in my organisation, i've encountered strange issue: user's certificate have been revoked, CRL published, but client computer was not requesting new certificate for user.

Digging resulted that in fact, client computer was not seeing that certificate was revoked. To fix this, you just need to clear CRL cache. That will do:

certutil -urlcache * delete

pki (en)

Last updated on 12 May 2016.
Hits: 3166

Previous article: Export address book directly from the server in Lync 2010/2013
Next article: Howto import all domain users into Microsoft Lync 2010/2013

Add comment

Clear CRL (Certificate Revocation List) cache on client computer

Related Articles

Error 0x80094011: Windows XP client cannot enroll certificate from ADCS

Viewing and deleting the OCSP and CRL cache on Windows. Verifying certificate validity.

Archiving and recovering (export) private key in Active Directory Certification Services (ADCS)

Default URLs for default Enterprise CA installation

Cookies policy

Cookie Policy for B-blog.info

What Are Cookies

How We Use Cookies

Disabling Cookies

The Cookies We Set

Third Party Cookies

More Information