Wednesday, May 28, 2014 10:29 PM
Hello forum, a little background before I ask the question. Our environment has a few ISA boxes and we are decommissioning a few of them. Collectively, all ISA traffic logging is being done to a SQL server. We have identified the traffic, and it is mostly certificates (DigiCert, VeriSign) on our client machines which are going out to the internet for revocation checks. The problem that we are facing is to identify which ISA server is handling the traffic, and for that we have decided to use WireShark.
Question - how can I force certificates to check for revocation so that I can capture the traffic in WireShark and identify which ISA server is being used? Is there a specific command? I tried certutil with different switches but couldn't figure it out.
We haven't configured clients with any proxy settings.
Thursday, May 29, 2014 5:19 AM
> how can I force certificates to check for revocation so that I can capture the traffic in WireShark and identify which ISA server is being used?
There are several options. You can export the certificate to a file (public part) and run certutil against the file:
certutil -url path\certfile.cer
or
certutil -verify -urlfetch path\certfile.cer
Any of these commands will force revocation checking.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new: PowerShell FCIV tool.
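An added example, not written by anyone in this thread: a PowerShell wrapper around the `certutil -verify -urlfetch` command from the answer above that first lists the CRL and OCSP URLs embedded in the exported certificate and prints a Wireshark display filter for their hosts, so the capture can be narrowed to revocation traffic. The file path is a placeholder, and the cache-clearing step is an addition to the answer, included because CRL and OCSP responses that are already cached can be reused without a new request.

```powershell
# Added example. Run on the client whose revocation traffic you want to trace.
param(
    # Exported public certificate (placeholder path, adjust to your file)
    [string]$CertPath = 'C:\Temp\certfile.cer'
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# CRL Distribution Points (2.5.29.31) and Authority Information Access
# (1.3.6.1.5.5.7.1.1) carry the CRL, OCSP and issuer-certificate URLs.
$urls = foreach ($oid in '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($ext) {
        # Format($true) renders the extension as text, one "URL=..." entry per line.
        [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
}

if (-not $urls) {
    Write-Warning 'No CDP/AIA URLs in this certificate; there is nothing to fetch.'
    return
}

# Only HTTP URLs produce traffic that the http.host filter below will match.
$hosts = $urls | Where-Object { $_ -like 'http*' } |
    ForEach-Object { ([uri]$_).Host } | Sort-Object -Unique

'URLs embedded in the certificate:'
$urls | ForEach-Object { "  $_" }

# Matching on the HTTP Host header works whether the request is sent directly
# or relayed through a proxy, because the header names the CRL/OCSP host either way.
$filter = ($hosts | ForEach-Object { "http.host == `"$_`"" }) -join ' || '
'Wireshark display filter:'
"  $filter"

Read-Host 'Start the capture, then press Enter to trigger the revocation check' | Out-Null

# Empty the current user's CryptoAPI URL cache so the fetch goes to the network.
certutil -urlcache * delete | Out-Null

# The command from the answer above: fetch every CDP/AIA URL and verify the chain.
certutil -verify -urlfetch $CertPath
```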
Thursday, May 29, 2014 11:19 PM
Thanks Vadims, I exported a certificate and then ran the command, but WireShark captured nothing. I also tried NETSH and that didn't capture anything either. So either the command is not forcing the certificate to check or I am doing something wrong. Any suggestions, please?