Jul 25 2023 04:13 AM
Is it possible to force a particular method/protocol for the certificate revocation used by RDC?
We have two separate enterprise environments where endpoints occasionally need to cross-reference each other's certificate revocation servers. We don't allow LDAP between the two environments. CRL and OCSP are fully accessible. RDC seems to default to LDAP [only] and throws up a warning about not being able to check revocation when a cross-environment check is required. This isn't pretty. We do have LDAP as the first certificate revocation method in our certificates, as I think this is default by design.
Does RDC only support LDAP? Alternatively, is there a way to force it to use HTTP/CRL/OCSP? Seems like there should be a nice little registry entry we can inject to set the protocol order.
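Before looking for a client-side setting, it is worth confirming what the certificate itself advertises, because the Windows chain engine walks the CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs in the order the issuing CA wrote them into the certificate. The script below is an added example, not code from the original post: it reads those two extensions from a .cer file, lists every URL with its scheme and position, and warns when the CDP puts an LDAP URL ahead of an HTTP one, which is the situation the post describes. The `$Path` parameter and the `Get-RevocationUrls` function name are assumptions made for this example.

```powershell
# Added example (not from the original post): list the revocation URLs embedded
# in a certificate in the order the chain engine will try them.
param(
    [Parameter(Mandatory)] [string] $Path   # .cer/.crt file to inspect (assumed input)
)

Add-Type -AssemblyName System.Security

function Get-RevocationUrls {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)

    $result = foreach ($ext in $Cert.Extensions) {
        $kind = switch ($ext.Oid.Value) {
            '2.5.29.31'         { 'CDP'; break }   # CRL Distribution Points
            '1.3.6.1.5.5.7.1.1' { 'AIA'; break }   # Authority Information Access (OCSP / issuer cert)
            default             { $null }
        }
        if (-not $kind) { continue }

        # Format($true) renders the extension as the same multi-line text certutil
        # prints, with each URL on a line beginning 'URL='. Extract them in order.
        $text  = $ext.Format($true)
        $order = 0
        foreach ($m in [regex]::Matches($text, 'URL=(\S+)')) {
            $url = $m.Groups[1].Value
            [pscustomobject]@{
                Extension = $kind
                Order     = ++$order
                Scheme    = ($url -split ':', 2)[0].ToLowerInvariant()
                Url       = $url
            }
        }
    }
    return $result
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
$urls = Get-RevocationUrls -Cert $cert
$urls | Format-Table -AutoSize

# Flag the case from the post: an LDAP URL listed before any HTTP URL in the CDP.
$cdp = @($urls | Where-Object Extension -eq 'CDP')
if ($cdp.Count -gt 0 -and $cdp[0].Scheme -eq 'ldap' -and ($cdp | Where-Object Scheme -eq 'http')) {
    Write-Warning 'CDP lists an LDAP URL first; a client that cannot reach LDAP will attempt it before the HTTP URL.'
}
```

Run it as `.\Get-RevocationUrls.ps1 -Path .\server.cer` against a certificate exported from the remote host. To watch the chain engine actually fetch each URL (and see which ones fail), `certutil -verify -urlfetch server.cer` on the same file gives a per-URL result. The URL order shown is fixed at issuance by the CA's CDP/AIA extension configuration, so if LDAP needs to drop behind HTTP, that is where the order is changed for newly issued certificates.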