Environment
- App Control Server: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
Find the URL address that the Crypto API uses to retrieve the Certificate Revocation List (CRL) during certificate validation
Resolution
Steps to find the specific URL Address:
- Right-click on the file signed by the publisher’s certificate
- Select Properties
- Go to the Digital Signatures tab
- Select the signer and click Details
- Click View Certificates
- Go to the Details tab
- The URL you need is listed in the "CRL Distribution Point" field
To install a CRL obtained from the URL address:
- Obtain the CRL as a file from the URL
- Go to the configuration page in the administration console
- Click the Certificates > Certificate Authorities tab
- Click the Install CRL button
- Enter the full path name to the associated file
- Click OK
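The lookup and download steps above can also be scripted. The PowerShell below is an added example, not vendor-supplied code: it reads the CRL Distribution Point of the signer certificate and, going one step beyond the GUI procedure, of every other certificate in its chain, then saves each HTTP-published CRL to a folder. `$FilePath` and `$OutDir` are placeholder values.

```powershell
# Added example, not vendor code. $FilePath and $OutDir are placeholders.
$FilePath = 'C:\Path\To\SignedFile.exe'
$OutDir   = 'C:\Temp\crl'

$sig = Get-AuthenticodeSignature -FilePath $FilePath
if (-not $sig.SignerCertificate) {
    throw "No Authenticode signer certificate found on $FilePath"
}

# Build the chain without revocation checking so that listing the URLs
# does not itself depend on reaching them.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.Build($sig.SignerCertificate)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    # 2.5.29.31 is the OID of the "CRL Distribution Points" extension.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) {
        Write-Output "$($cert.Subject): no CRL Distribution Point"
        continue
    }
    # Format($true) yields the text shown on the Details tab, where each
    # distribution point is listed as "URL=<address>".
    $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique
    foreach ($url in $urls) {
        # Only http(s) entries are handled here; ldap:// entries are skipped.
        if ($url -notmatch '^https?://') { continue }
        Write-Output "$($cert.Subject): $url"
        $name = [IO.Path]::GetFileName(([Uri]$url).AbsolutePath)
        if (-not $name) { $name = "$($cert.Thumbprint).crl" }
        Invoke-WebRequest -Uri $url -OutFile (Join-Path $OutDir $name) -UseBasicParsing
    }
}
```

The files saved in `$OutDir` are the ones whose full path is entered in the Install CRL dialog.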
Additional Notes
- The App Control agent calls the Crypto API (crypt32), which is part of the operating system, to check the certificate used on the file
- One of the items that needs to be validated is the revocation status of the certificate, which is checked using the URL address defined in the CRL Distribution Point of the certificate
- Each certificate has a different URL address