Home » Microsoft » 70-640 » What should you do?
Your network contains a server that runs Windows Server 2008 R2.
The server is configured as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessing the Web site.
What should you do?
A. Run certutil.exe -crl.
B. Run certutil.exe -delkey.
C. From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D. From Active Directory Users and Computers, modify the Contact object for the external partner.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/library/cc732443.aspx
Certutil
Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
Verbs
-CRL
Publish new certificate revocation lists (CRLs) [or only delta CRLs]
http://technet.microsoft.com/en-us/library/cc783835%28v=ws.10%29.aspx
Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and Management)
If you have determined the keycontainername for a specific certificate, you can delete the key container with the following command.
certutil.exe -delkey <KeyContainerName>
The -delkey option is supported only with the Windows Server 2003 version of certutil. On Windows 2000, you must add a prefix to the commands. The prefix is the path you have copied the Windows Server 2003 version of certutil to. In this white paper, the %HOMEDRIVE%W2K3AdmPak path is used.
