{"id":108,"date":"2022-04-15T13:43:00","date_gmt":"2022-04-15T05:43:00","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=108"},"modified":"2023-08-31T01:50:57","modified_gmt":"2023-08-30T17:50:57","slug":"configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/","title":{"rendered":"Configuring a CRL Distribution Point for a Certificate Authority via IIS"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"overview\"><strong>Overview<\/strong><\/h2>\n\n\n\n<p><strong>Certificate revocation list (CRL)<\/strong>&nbsp;is a part of the X.509 security standard of the International Telecommunication Union (ITU). It&#8217;s a way for CAs (or CRL issuers) to make it known that one or more of their digital certificates is no longer trustworthy for one reason or another.<\/p>\n\n\n\n<p><strong>A CA can revoke a certificate of your website for one of several reasons:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li style=\"font-size:16px\">Someone compromises (or is suspected of compromising) your certificate\u2019s private key. (This is the most common reason.)<\/li>\n\n\n\n<li style=\"font-size:16px\">The CA mis-issues a certificate and issues a new one to replace it.<\/li>\n\n\n\n<li style=\"font-size:16px\">The CA itself is compromised.<\/li>\n\n\n\n<li style=\"font-size:16px\">Your organizational details listed in the certificate (for example, your organization\u2019s name) change and the CA needs to reissue the cert to reflect that change.<\/li>\n\n\n\n<li style=\"font-size:16px\">A certificate is illegitimate or was fraudulently signed with a stolen key.<\/li>\n<\/ul>\n\n\n\n<p>Additionally, a&nbsp;<strong>CRL Distribution Point (CDP)<\/strong>&nbsp;is a&nbsp;<strong>shared location<\/strong>&nbsp;on the network that is used to store the CRL and certificates. 
The CDP named in the certificate&nbsp;<strong>must<\/strong>&nbsp;exist and be reachable so that clients can verify that the certificate is valid and has not been revoked.<\/p>\n\n\n\n<p>Generally, if the certificate was issued by an on-premises Enterprise CA, the CDP uses the LDAP protocol by default. Such a certificate is intended for internal communication only, because an LDAP location can only be queried from the on-premises network.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\" alt=\"\" width=\"269\" height=\"366\"\/><\/figure>\n\n\n\n<p>If we want to use this certificate externally, we have to use an\u00a0<strong>HTTP-based<\/strong>\u00a0CRL distribution point.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdphttp.png\" alt=\"\" width=\"267\" height=\"361\"\/><\/figure>\n\n\n\n<p><br>Follow the instructions below to update the certificate authority that issues your domain controller certificates so that it includes an\u00a0<strong>HTTP-based<\/strong>\u00a0CDP.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-configure-internet-information-services-iis-to-host-crl-distribution-point\"><strong>1. Configure Internet Information Services (IIS) to host CRL distribution point<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-installing-the-web-server\"><strong>1.1 Installing the Web Server<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;Sign in to your server as a local administrator and start&nbsp;<strong>Server Manager<\/strong>&nbsp;if it did not start when you signed in.<\/p>\n\n\n\n<p>2.&nbsp;Click the&nbsp;<strong>Local Server<\/strong>&nbsp;node in the navigation pane. 
Click&nbsp;<strong>Manage<\/strong>&nbsp;and click&nbsp;<strong>Add Roles and Features<\/strong>.<\/p>\n\n\n\n<p>3.&nbsp;In the&nbsp;<strong>Add Role and Features Wizard<\/strong>, click&nbsp;<strong>Server Selection<\/strong>. Verify the selected server is the local server. Click&nbsp;<strong>Server Roles<\/strong>. Select the check box next to&nbsp;<strong>Web Server (IIS)<\/strong>.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-56.png\" alt=\"\" class=\"wp-image-380\" width=\"792\" height=\"494\"\/><\/figure>\n\n\n\n<p>4.&nbsp;Click&nbsp;<strong>Next<\/strong>&nbsp;through the remaining options in the wizard, accepting the defaults, and install the Web Server role.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-configure-the-web-server\"><strong>1.2 Configure the Web Server<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;From&nbsp;<strong>Windows Administrative Tools<\/strong>, Open&nbsp;<strong>Internet Information Services (IIS) Manager<\/strong>.<\/p>\n\n\n\n<p>2.\u00a0Expand the navigation pane to show\u00a0<strong>Default Web Site<\/strong>. Select and then right-click\u00a0<strong>Default Web site<\/strong>\u00a0and click\u00a0<strong>Add Virtual Directory&#8230;<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-57.png\" alt=\"\" class=\"wp-image-381\" width=\"354\" height=\"439\"\/><\/figure>\n\n\n\n<p>3.&nbsp;In the&nbsp;<strong>Add Virtual Directory<\/strong>&nbsp;dialog box, type&nbsp;<strong>cdp<\/strong>&nbsp;in&nbsp;<strong>alias<\/strong>. For physical path, type or browse for the physical file location where you will host the certificate revocation list. 
For this example, the path&nbsp;<strong>c:\\cdp<\/strong>&nbsp;is used. Click&nbsp;<strong>OK<\/strong>.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-58.png\" alt=\"\" class=\"wp-image-382\" width=\"500\" height=\"296\"\/><\/figure>\n\n\n\n<p>4.&nbsp;Select&nbsp;<strong>CDP<\/strong>&nbsp;under&nbsp;<strong>Default Web Site<\/strong>&nbsp;in the navigation pane. Double-click&nbsp;<strong>Directory Browsing<\/strong>&nbsp;in the content pane. Click&nbsp;<strong>Enable<\/strong>&nbsp;in the details pane.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-59.png\" alt=\"\" class=\"wp-image-383\" width=\"606\" height=\"384\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-60.png\" alt=\"\" class=\"wp-image-385\" width=\"603\" height=\"346\"\/><\/figure>\n\n\n\n<p>5.&nbsp;Select&nbsp;<strong>CDP<\/strong>&nbsp;under&nbsp;<strong>Default Web Site<\/strong>&nbsp;in the navigation pane. 
Double-click&nbsp;<strong>Configuration Editor<\/strong>.&nbsp;<img decoding=\"async\" alt=\"\" src=\"https:\/\/blog.ruianding.com\/static\/images\/cdp\/cdp06.png\"><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-61.png\" alt=\"\" class=\"wp-image-386\" width=\"406\" height=\"337\"\/><\/figure>\n\n\n\n<p>6.&nbsp;In the&nbsp;<strong>Section<\/strong>&nbsp;list, navigate to&nbsp;<strong>system.webServer\/security\/requestFiltering<\/strong>.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-62.png\" alt=\"\" class=\"wp-image-387\" width=\"417\" height=\"432\"\/><\/figure>\n\n\n\n<p>In the list of named value-pairs in the content pane, set&nbsp;<strong>allowDoubleEscaping<\/strong>&nbsp;to&nbsp;<strong>True<\/strong>. Delta CRL file names contain a plus sign (+), which IIS request filtering rejects unless double escaping is allowed. 
Click&nbsp;<strong>Apply<\/strong>&nbsp;in the actions pane.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-63.png\" alt=\"\" class=\"wp-image-388\" width=\"702\" height=\"440\"\/><\/figure>\n\n\n\n<p>7.&nbsp;Close&nbsp;<strong>Internet Information Services (IIS)<\/strong>&nbsp;Manager.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"13-create-a-dns-resource-record-for-the-crl-distribution-point-url\"><strong>1.3 Create a DNS resource record for the CRL distribution point URL<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;On your DNS server or from an administrative workstation, open&nbsp;<strong>DNS Manager<\/strong>&nbsp;from&nbsp;<strong>Administrative Tools<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp;Expand&nbsp;<strong>Forward Lookup Zones<\/strong>&nbsp;to show the DNS zone for your domain. Right-click your domain name in the navigation pane and click&nbsp;<strong>New Host (A or AAAA)&#8230;<\/strong><\/p>\n\n\n\n<p>3.&nbsp;In the&nbsp;<strong>New Host<\/strong>&nbsp;dialog box, type&nbsp;<strong>crl<\/strong>&nbsp;in&nbsp;<strong>Name<\/strong>. Type the&nbsp;<strong>IP address<\/strong>&nbsp;of the web server you configured in IP Address. Click&nbsp;<strong>Add Host<\/strong>. Click&nbsp;<strong>OK<\/strong>&nbsp;to close the&nbsp;<strong>DNS<\/strong>&nbsp;dialog box. 
Click&nbsp;<strong>Done<\/strong>.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-64.png\" alt=\"\" class=\"wp-image-389\" width=\"655\" height=\"433\"\/><\/figure>\n\n\n\n<p>4.&nbsp;Close the&nbsp;<strong>DNS Manager<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2-prepare-a-file-share-to-host-the-certificate-revocation-list\"><strong>2. Prepare a file share to host the certificate revocation list<\/strong><\/h2>\n\n\n\n<p>The following procedures configure NTFS and share permissions on the web server to allow the certificate authority to automatically publish the certificate revocation list.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"21-configure-the-cdp-file-share\"><strong>2.1 Configure the CDP file share<\/strong><\/h3>\n\n\n\n<p>1.\u00a0On the web server, open\u00a0<strong>Windows Explorer<\/strong>\u00a0and navigate to the\u00a0<strong>cdp<\/strong>\u00a0folder you created in step 1.2 of\u00a0<strong>Configure the Web Server<\/strong>.<img decoding=\"async\" src=\"https:\/\/blog.ruianding.com\/static\/images\/cdp\/cdp10.png\" alt=\"\"><\/p>\n\n\n\n<p>2.&nbsp;Right-click the&nbsp;<strong>cdp<\/strong>&nbsp;folder and click&nbsp;<strong>Properties<\/strong>. Click the&nbsp;<strong>Sharing<\/strong>&nbsp;tab. Click&nbsp;<strong>Advanced Sharing<\/strong>.<\/p>\n\n\n\n<p>3.&nbsp;Select&nbsp;<strong>Share this folder<\/strong>. Type&nbsp;<strong>cdp$<\/strong>&nbsp;in&nbsp;<strong>Share name<\/strong>. 
Click&nbsp;<strong>Permissions<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-65.png\" alt=\"\" class=\"wp-image-390\" width=\"587\" height=\"427\"\/><\/figure>\n\n\n\n<p>4.&nbsp;In the&nbsp;<strong>Permissions for cdp$<\/strong>&nbsp;dialog box, click&nbsp;<strong>Add<\/strong>.<\/p>\n\n\n\n<p>5.&nbsp;In the&nbsp;<strong>Select Users, Computers, Service Accounts, or Groups<\/strong>&nbsp;dialog box, click&nbsp;<strong>Object Types<\/strong>. In the Object Types dialog box, select&nbsp;<strong>Computers<\/strong>, and then click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-66.png\" alt=\"\" class=\"wp-image-391\" width=\"604\" height=\"331\"\/><\/figure>\n\n\n\n<p>6.&nbsp;In the&nbsp;<strong>Select Users, Computers, Service Accounts, or Groups<\/strong>&nbsp;dialog box, in&nbsp;<strong>Enter the object names to select<\/strong>, type the name of the server running the certificate authority issuing the certificate revocation list, and then click&nbsp;<strong>Check Names<\/strong>. Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-67.png\" alt=\"\" class=\"wp-image-392\" width=\"594\" height=\"434\"\/><\/figure>\n\n\n\n<p>7.&nbsp;In the&nbsp;<strong>Permissions for cdp$<\/strong>&nbsp;dialog box, select the certificate authority from the&nbsp;<strong>Group or user names list<\/strong>. In the&nbsp;<strong>Permissions for<\/strong>&nbsp;section, select&nbsp;<strong>Allow<\/strong>&nbsp;for&nbsp;<strong>Full control<\/strong>. 
Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-68.png\" alt=\"\" class=\"wp-image-393\" width=\"611\" height=\"478\"\/><\/figure>\n\n\n\n<p>8.&nbsp;In the&nbsp;<strong>Advanced Sharing<\/strong>&nbsp;dialog box, click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"22-disable-caching\"><strong>2.2 Disable Caching<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;On the web server, open&nbsp;<strong>Windows Explorer<\/strong>&nbsp;and navigate to the&nbsp;<strong>cdp<\/strong>&nbsp;folder you created in step 1.2 of&nbsp;<strong>Configure the Web Server<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp;<strong>Right-click<\/strong>&nbsp;the&nbsp;<strong>cdp<\/strong>&nbsp;folder and click&nbsp;<strong>Properties<\/strong>. Click the&nbsp;<strong>Sharing<\/strong>&nbsp;tab. Click&nbsp;<strong>Advanced Sharing<\/strong>.<\/p>\n\n\n\n<p>3.&nbsp;Click&nbsp;<strong>Caching<\/strong>. Select&nbsp;<strong>No files or programs from the shared folder are available offline<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-69.png\" alt=\"\" class=\"wp-image-394\" width=\"698\" height=\"330\"\/><\/figure>\n\n\n\n<p>4.&nbsp;Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"23-configure-ntfs-permission-for-the-cdp-folder\"><strong>2.3 Configure NTFS permission for the CDP folder<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;On the web server, open&nbsp;<strong>Windows Explorer<\/strong>&nbsp;and navigate to the cdp folder you created in step 1.2 of&nbsp;<strong>Configure the Web Server<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp;Right-click the&nbsp;<strong>cdp<\/strong>&nbsp;folder and click&nbsp;<strong>Properties<\/strong>. 
Click the&nbsp;<strong>Security<\/strong>&nbsp;tab.<\/p>\n\n\n\n<p>3.&nbsp;On the&nbsp;<strong>Security<\/strong>&nbsp;tab, click&nbsp;<strong>Edit<\/strong>.<\/p>\n\n\n\n<p>4.&nbsp;In the&nbsp;<strong>Permissions for cdp<\/strong>&nbsp;dialog box, click&nbsp;<strong>Add<\/strong>.<\/p>\n\n\n\n<p>5.&nbsp;In the&nbsp;<strong>Select Users, Computers, Service Accounts, or Groups<\/strong>&nbsp;dialog box, click&nbsp;<strong>Object Types<\/strong>. In the&nbsp;<strong>Object Types<\/strong>&nbsp;dialog box, select&nbsp;<strong>Computers<\/strong>. Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-70.png\" alt=\"\" class=\"wp-image-395\" width=\"639\" height=\"358\"\/><\/figure>\n\n\n\n<p>6.&nbsp;In the&nbsp;<strong>Select Users, Computers, Service Accounts, or Groups<\/strong>&nbsp;dialog box, in Enter the object names to select, type the name of the certificate authority, and then click Check Names. Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-71.png\" alt=\"\" class=\"wp-image-396\" width=\"457\" height=\"254\"\/><\/figure>\n\n\n\n<p>7.&nbsp;In the&nbsp;<strong>Permissions for cdp<\/strong>&nbsp;dialog box, select the name of the certificate authority from the&nbsp;<strong>Group or user names<\/strong>&nbsp;list. In the&nbsp;<strong>Permissions for<\/strong>&nbsp;section, select&nbsp;<strong>Allow<\/strong>&nbsp;for&nbsp;<strong>Full control<\/strong>. 
Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-72.png\" alt=\"\" class=\"wp-image-397\" width=\"334\" height=\"421\"\/><\/figure>\n\n\n\n<p>8.&nbsp;Click&nbsp;<strong>Close<\/strong>&nbsp;in the&nbsp;<strong>cdp Properties<\/strong>&nbsp;dialog box.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-make-the-cdp-iis-website-accessible-to-the-public\"><strong>3. Make the CDP IIS Website Accessible to the Public<\/strong><\/h2>\n\n\n\n<p>If you have an Azure Premium license, you can simply use Azure AD Application Proxy to publish this CDP website. Please refer to my next post for the step-by-step instructions:<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.ruianding.com\/posts\/16\">Publish your CDP via Azure AD Application Proxy<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4-configure-the-new-crl-distribution-point-and-publishing-location-in-the-issuing-certificate-authority\"><strong>4. Configure the new CRL distribution point and Publishing location in the issuing certificate authority<\/strong><\/h2>\n\n\n\n<p>The web server is ready to host the CRL distribution point. Now, configure the issuing certificate authority to publish the CRL at the new location and to include the new CRL distribution point.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"41-configure-the-crl-distribution-point\"><strong>4.1 Configure the CRL Distribution Point<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;On the issuing certificate authority, sign in as a local administrator. 
Start the&nbsp;<strong>Certificate Authority<\/strong>&nbsp;console from&nbsp;<strong>Administrative Tools<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp;In the navigation pane, right-click the name of the certificate authority and click&nbsp;<strong>Properties<\/strong><\/p>\n\n\n\n<p>3.&nbsp;Click&nbsp;<strong>Extensions<\/strong>. On the&nbsp;<strong>Extensions<\/strong>&nbsp;tab, select&nbsp;<strong>CRL Distribution Point (CDP)<\/strong>&nbsp;from the&nbsp;<strong>Select extension<\/strong>&nbsp;list.<\/p>\n\n\n\n<p>4.&nbsp;On the&nbsp;<strong>Extensions<\/strong>&nbsp;tab, click&nbsp;<strong>Add<\/strong>. Type the following and do not forget the trailing forward slash.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:\/\/&lt;serverurl>\/cdp\/\ne.g. http:\/\/crl.contoso.com\/cdp\/<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp19.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>5.&nbsp;Select&nbsp;<strong>&lt;CaName&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>. Select&nbsp;<strong>&lt;CRLNameSuffix&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>. Select&nbsp;<strong>&lt;DeltaCRLAllowed&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>.<\/p>\n\n\n\n<p>6.&nbsp;Type&nbsp;<strong>.crl<\/strong>&nbsp;at the end of the text in&nbsp;<strong>Location<\/strong>. 
Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<p>7.\u00a0Select the CDP you just created.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp20.png\" alt=\"\" width=\"365\" height=\"494\"\/><\/figure>\n\n\n\n<p>8.&nbsp;Select&nbsp;<strong>Include in CRLs<\/strong>.&nbsp;<strong>Clients use this to find Delta CRL locations<\/strong>.<\/p>\n\n\n\n<p>9.&nbsp;Select&nbsp;<strong>Include in the CDP extension of issued certificates<\/strong>.<\/p>\n\n\n\n<p>10.&nbsp;Click&nbsp;<strong>Apply<\/strong>&nbsp;to save your selections. Click&nbsp;<strong>No<\/strong>&nbsp;when asked to restart the service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"42-configure-the-crl-publishing-location\"><strong>4.2 Configure the CRL publishing location<\/strong><\/h3>\n\n\n\n<p>1.&nbsp;On the issuing certificate authority, sign in as a local administrator. Start the&nbsp;<strong>Certificate Authority<\/strong>&nbsp;console from&nbsp;<strong>Administrative Tools<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp;In the navigation pane, right-click the name of the certificate authority and click&nbsp;<strong>Properties<\/strong>.<\/p>\n\n\n\n<p>3.&nbsp;Click&nbsp;<strong>Extensions<\/strong>. On the&nbsp;<strong>Extensions<\/strong>&nbsp;tab, select&nbsp;<strong>CRL Distribution Point (CDP)<\/strong>&nbsp;from the&nbsp;<strong>Select extension<\/strong>&nbsp;list.<\/p>\n\n\n\n<p>4.&nbsp;On the&nbsp;<strong>Extensions<\/strong>&nbsp;tab, click&nbsp;<strong>Add<\/strong>. Type the computer and share name you created for your CRL distribution point, and do not forget the trailing backslash.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\\\\host\\cdp$\\\ne.g. \\\\RAYAKI-SHSVR-DC\\cdp$\\\n<\/code><\/pre>\n\n\n\n<p>5.&nbsp;Select&nbsp;<strong>&lt;CaName&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>. 
Select&nbsp;<strong>&lt;CRLNameSuffix&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>. Select&nbsp;<strong>&lt;DeltaCRLAllowed&gt;<\/strong>&nbsp;from the&nbsp;<strong>Variable<\/strong>&nbsp;list and click&nbsp;<strong>Insert<\/strong>.<\/p>\n\n\n\n<p>6.&nbsp;Type&nbsp;<strong>.crl<\/strong>&nbsp;at the end of the text in&nbsp;<strong>Location<\/strong>. Click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<p>7.&nbsp;Select the CDP you just created.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp22.png\" alt=\"\" width=\"323\" height=\"434\"\/><\/figure>\n\n\n\n<p>8.&nbsp;Select&nbsp;<strong>Publish CRLs to this location<\/strong>.<\/p>\n\n\n\n<p>9.&nbsp;Select&nbsp;<strong>Publish Delta CRLs to this location<\/strong>.<\/p>\n\n\n\n<p>10.&nbsp;Click&nbsp;<strong>Apply<\/strong>&nbsp;to save your selections. Click&nbsp;<strong>Yes<\/strong>&nbsp;when asked to restart the service. Click&nbsp;<strong>OK<\/strong>&nbsp;to close the properties dialog box.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"5-publish-a-new-crl\"><strong>5. Publish a new CRL<\/strong><\/h2>\n\n\n\n<p>1.&nbsp; On the issuing certificate authority, sign in as a local administrator. 
Start the&nbsp;<strong>Certificate Authority<\/strong>&nbsp;console from&nbsp;<strong>Administrative Tools<\/strong>.<\/p>\n\n\n\n<p>2.&nbsp; In the navigation pane, right-click&nbsp;<strong>Revoked Certificates<\/strong>, hover over&nbsp;<strong>All Tasks<\/strong>, and click&nbsp;<strong>Publish<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp24.png\" alt=\"\" width=\"348\" height=\"203\"\/><\/figure>\n\n\n\n<p>3.&nbsp; In the&nbsp;<strong>Publish CRL<\/strong>&nbsp;dialog box, select&nbsp;<strong>New CRL<\/strong>&nbsp;and click&nbsp;<strong>OK<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp25.png\" alt=\"\" width=\"530\" height=\"370\"\/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6-validate-cdp-publishing\"><strong>6. Validating CDP Publishing<\/strong><\/h2>\n\n\n\n<p>Open a web browser and enter the CRL distribution point URL that you configured earlier. The two files created by publishing your new CRL will be shown:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdp23.png\" alt=\"\" width=\"605\" height=\"259\"\/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7-validate-cdp-in-the-new-certificate\"><strong>7. 
Validating CDP in the new certificate<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/06\/image-74.png\" alt=\"\" class=\"wp-image-399\" width=\"342\" height=\"468\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Overview Certificate revocation list (CRL)&nbsp;is a part of the X.509 security standard of the International Telecommunication Union (ITU). It&#8217;s a way for CAs (or CRL issuers) to make it known that one or more of their digital certificates is no longer trustworthy for one reason or another. A CA can revoke a certificate of your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[10],"tags":[17,26,28],"class_list":["post-108","post","type-post","status-publish","format-standard","hentry","category-tutorial","tag-aadap","tag-iis","tag-pki"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Configuring a CRL Distribution Point for a Certificate Authority via IIS - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring a CRL Distribution Point for a Certificate Authority via IIS - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Overview Certificate revocation list (CRL)&nbsp;is a part of the X.509 
security standard of the International Telecommunication Union (ITU). It&#8217;s a way for CAs (or CRL issuers) to make it known that one or more of their digital certificates is no longer trustworthy for one reason or another. A CA can revoke a certificate of your [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-15T05:43:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T17:50:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Configuring a CRL Distribution Point for a Certificate Authority via IIS\",\"datePublished\":\"2022-04-15T05:43:00+00:00\",\"dateModified\":\"2023-08-30T17:50:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\"},\"wordCount\":1812,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\",\"keywords\":[\"AADAP\",\"IIS\",\"PKI\"],\"articleSection\":[\"Tutorial\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\",\"name\":\"Configuring a CRL Distribution Point for a Certificate Authority via IIS - 
\u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\",\"datePublished\":\"2022-04-15T05:43:00+00:00\",\"dateModified\":\"2023-08-30T17:50:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring a CRL Distribution Point for a Certificate Authority via IIS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the 
World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Configuring a CRL Distribution Point for a Certificate Authority via IIS - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/","og_locale":"en_US","og_type":"article","og_title":"Configuring a CRL Distribution Point for a Certificate Authority via IIS - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Overview Certificate revocation list (CRL)&nbsp;is a part of the X.509 security standard of the International Telecommunication Union (ITU). It&#8217;s a way for CAs (or CRL issuers) to make it known that one or more of their digital certificates is no longer trustworthy for one reason or another. A CA can revoke a certificate of your [&hellip;]","og_url":"https:\/\/www.ruianding.com\/blog\/configuring-a-crl-distribution-point-for-a-certificate-authority-via-iis\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2022-04-15T05:43:00+00:00","article_modified_time":"2023-08-30T17:50:57+00:00","og_image":[{"url":"https:\/\/www.ruianding.com\/files\/BlogStatic\/cdp\/cdpldap.png","type":"","width":"","height":""}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. 
reading time":"9 minutes"}}}