1
00:00:07,760 --> 00:00:16,340
Revocation is the process in which you disable the validity of one or more certificates. By initiating

2
00:00:16,340 --> 00:00:23,210
the revocation process, you publish a certificate thumbprint in the corresponding certificate

3
00:00:23,210 --> 00:00:25,680
revocation list, or CRL.

4
00:00:26,450 --> 00:00:31,940
This announces that a specific certificate is no longer valid.

5
00:00:32,780 --> 00:00:37,550
An overview of the certificate revocation lifecycle is as follows.

6
00:00:37,940 --> 00:00:48,640
First, a certificate is revoked from a CA Microsoft Management Console snap-in. Specify a reason code and

7
00:00:48,750 --> 00:00:52,160
the date and time during revocation.

8
00:00:52,610 --> 00:00:54,710
This is optional, but recommended.

9
00:00:55,220 --> 00:01:06,890
Second, the CRL publishes by use of the CA console, or the scheduled revocation list publishes automatically

10
00:01:07,130 --> 00:01:09,290
based on the configured value.

11
00:01:09,290 --> 00:01:13,490
CRLs can publish in AD DS,

12
00:01:13,490 --> 00:01:18,890
in a shared folder location, or on a website.

13
00:01:19,880 --> 00:01:23,420
Third, when client computers running Windows

14
00:01:24,530 --> 00:01:26,750
are presented with a certificate,

15
00:01:27,170 --> 00:01:27,750
they are...

16
00:01:28,700 --> 00:01:35,240
they use a process to verify the revocation status by querying the issuing

17
00:01:35,450 --> 00:01:43,190
CA, and so the application... This process determines whether the certificate is revoked and then

18
00:01:43,550 --> 00:01:49,940
presents that information to the application that requested the verification.

19
00:01:50,850 --> 00:02:00,990
The computer running Windows uses one of the CRL locations specified in the certificate to check

20
00:02:00,990 --> 00:02:02,250
its validity.

21
00:02:03,840 --> 00:02:11,310
Windows operating systems include CryptoAPI, which is responsible for the certificate revocation

22
00:02:11,310 --> 00:02:20,730
and status checking processes. CryptoAPI uses the following phases in the certificate checking process.

23
00:02:21,950 --> 00:02:25,310
Phase one: certificate discovery.

24
00:02:26,320 --> 00:02:36,160
Certificate discovery collects CA certificate information and issued certificates, and details of

25
00:02:36,160 --> 00:02:38,320
the certificate enrollment process.

26
00:02:39,250 --> 00:02:48,400
Phase two: path validation. Path validation is a process of verifying the certificate through the CA

27
00:02:48,400 --> 00:02:53,170
chain, or path, until the root CA certificate is reached.

28
00:02:55,610 --> 00:03:05,270
Another phase is revocation checking. Each certificate in the certificate chain is verified to ensure

29
00:03:05,270 --> 00:03:15,110
that none of the certificates are revoked. And phase four: network retrieval and caching. Network retrieval

30
00:03:15,500 --> 00:03:22,040
is performed by using Online Certificate Status Protocol, or OCSP.

31
00:03:23,680 --> 00:03:31,450
CryptoAPI is responsible for checking the local cache first for revocation information, and if there

32
00:03:31,450 --> 00:03:41,980
is no match, making a call by using OCSP, which is based on the URL that the issued certificate provides.

33
00:03:43,060 --> 00:03:50,960
Some words about what is the Online Responder service. You can also use an Online Responder

34
00:03:50,960 --> 00:03:57,370
service, which is a more effective way to check certificate revocation status.

35
00:03:57,910 --> 00:04:07,600
By using OCSP, an Online Responder service provides clients with an efficient way to determine

36
00:04:07,600 --> 00:04:10,150
the revocation status of a certificate.

37
00:04:10,750 --> 00:04:14,440
OCSP submits certificate status requests

38
00:04:14,440 --> 00:04:24,190
by using HTTP. Clients access CRLs to determine the revocation status of a certificate.

39
00:04:24,580 --> 00:04:32,920
CRLs must be large and clients must use a large amount of time to search through these CRLs, and an

40
00:04:32,920 --> 00:04:40,660
Online Responder service can search these CRLs dynamically for the clients and respond to

41
00:04:40,660 --> 00:04:44,590
the client about the status of the requested certificate.

42
00:04:45,250 --> 00:04:53,140
You can use a single Online Responder to determine revocation status information for certificates that

43
00:04:53,140 --> 00:04:58,240
are issued by a single CA or by multiple CAs.

44
00:04:58,870 --> 00:05:00,580
You also can use...

45
00:05:02,270 --> 00:05:08,180
more than one Online Responder to distribute CA revocation status.

46
00:05:08,990 --> 00:05:14,480
You should install an Online Responder and a CA on different computers.

47
00:05:15,050 --> 00:05:23,280
You must configure the CAs to include the URL of the Online Responder in the AIA

48
00:05:23,330 --> 00:05:25,610
extension of issued certificates.

49
00:05:26,560 --> 00:05:32,620
The OCSP client uses this URL to validate the certificate status.

50
00:05:33,430 --> 00:05:39,310
We also must issue the OCSP Response Signing certificate template,

51
00:05:39,790 --> 00:05:43,840
so the Online Responder also can enroll that certificate.

52
00:05:45,270 --> 00:05:51,300
Next up, we'll be talking about an overview of key archival and recovery.