Domain Admins is the minimum group membership required to complete this procedure.
To extend the validity period for CRL and OCSP responses for a domain- Click Start, point to Administrative Tools, and click Server Manager.
- Under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.
- After the Installation Results page shows that the installation of the GPMC was successful, click Close.
- Click Start, point to Administrative Tools, and then click Group Policy Management.
- In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy GPO that you want to edit.
- Right-click the Default Domain Policy GPO, and then click Edit.
- In the console tree under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
- Double-click Certificate Path Validation Settings, and then click the Revocation tab.
- Select the Define these policy settings check box, and then select the Allow CRL and OCSP responses to be valid longer than their lifetime check box.
- In the Default time the validity period can be extended box, enter a value of time (in hours), and then click OK to apply the new settings.
No comments:
Post a Comment