如何在
Windows操作系统(XP,Windows 7)手册中重置本地CRL(在操作系统本地现金中)?我们需要重置本地CRL,否则操作系统将使用本地CRL直到“下一次更新”期间.
如“Manually publish the CRL”中所述:
Clients that have a cached copy of the prevIoUsly-published CRL or delta CRL will continue using it until its validity period has expired,even though a new CRL has been published. Manually publishing a CRL does not affect cached copies of CRLs that are still valid; it only makes a new CRL available for systems that do not have a valid CRL.
来自“
How Certificate Revocation Works”的文章:
原文链接:https://www.f2er.com/windows/365980.htmlcertutil -urlcache crl delete
但是有一个警告:
It may be necessary to restart the application or even the computer in order to flush the CRL cache in Windows XP or Windows Server 2003.
显然,此命令及其他变体只清除磁盘缓存,但CRL也可能缓存在内存中,因此可能需要重新启动某些服务.
对于Windows Vista(可能是7),建议使用更好的方法,这也应该清除缓存在内存中的CRL:
certutil -setreg chain\ChainCacheResyncFiletime @now
