You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?
A. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
C. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
D. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
87given answer D is correct.
According to “The users do not receive the message when they access the web applications from the intranet.” , the CRL distribution point is only accessible from Internal networks, a publicly accessible CRL distribution point is missing from the SSL certificate, therefore D is correct approach to solve the problem by adding a publicly accessible CRL Distribution Point (CDP) to the template and reissue the SSL Certificate to web server.
Answer B is incorrect, it did not mention which aspect of the template to be modified.
Answer C is incorrect, since a certificate template CDP on internal networks uses LDAP protocol or SMB protocol by default, deploying a HTTP/HTTPS based web application proxy would not help.
Answer A is totally irrelevant.