How the IBCM works Cert Validity
Question
How the IBCM works. The question is: if we change the validity period of the certificate on the IBCM server, then how will the client know the validity has changed? How does the server certificate reflect on the client certificate? How will the communication between them be?
Answers ( 4 )
In addition to what Rajul mentioned,
The client machine will not have the server certificate residing on it. It is the client auth certificate which will be there on the machine.
The client auth certificate will get authenticated / handshakes with the server certificate.
How it recognizes or understands it is based on the CA key chains, like the root certificate and intermediate certificate.
If the server has an expired certificate, the client will certainly not be able to communicate.
More details: https://docs.microsoft.com/en-us/archive/blogs/askds/designing-and-implementing-a-pki-part-i-design-and-planning
It’s a PKI cert topic, isn’t it … it’s the same way all the other certs work … every time it will check the validity and probably communicate with the CRL
Certificate Validity Period
Digital certificates have a lifetime, a start date and an end date for which they are considered valid. You should determine what values for this lifetime are appropriate for each CA certificate and end-entity certificate issued by your CAs. For CAs, this lifetime is set when the CA is installed and when the private key is renewed. For end-entity certificates there are a number of factors taken into account:
These include the validity period for the issuing CA. The CA will not issue certificates that are valid past the CA’s lifetime.
The validity period specified in the Certificate Template.
The value of this registry key, specified in this KB article: http://support.microsoft.com/kb/254632
The certificate issued will be configured with the validity period that is the shortest of these items.
The authentication workflow is explained neatly in this blog. If the certificate is not valid, then this authentication won’t happen.
https://www.jscape.com/blog/client-certificate-authentication#:~:text=A%20server%20certificate%20is%20sent,server%20to%20authenticate%20the%20client.
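
The "shortest of these items" rule from the Certificate Validity Period answer, together with the validity check a peer makes at each handshake, as an added example that is not part of the original thread or any Microsoft code. The function names, the calendar-aware handling of month and year units, and the sample dates are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
import calendar

def add_period(start, count, unit):
    """Add `count` units (Days, Weeks, Months, Years) to `start`.
    Calendar-aware month/year arithmetic is an assumption of this example."""
    unit = unit.lower()
    if unit == "days":
        return start + timedelta(days=count)
    if unit == "weeks":
        return start + timedelta(weeks=count)
    if unit in ("months", "years"):
        months = count * (12 if unit == "years" else 1)
        total = start.month - 1 + months
        year, month = start.year + total // 12, total % 12 + 1
        # Clamp the day so that e.g. Jan 31 + 1 month lands on the last day of February.
        day = min(start.day, calendar.monthrange(year, month)[1])
        return start.replace(year=year, month=month, day=day)
    raise ValueError(f"unknown validity unit: {unit!r}")

def effective_not_after(issued_at, ca_not_after, template, registry):
    """Return (not_after, limiting_factor): the shortest of the three limits.
    `template` and `registry` are (count, unit) pairs."""
    candidates = {
        "issuing CA lifetime": ca_not_after,
        "certificate template": add_period(issued_at, *template),
        "CA registry setting": add_period(issued_at, *registry),
    }
    factor = min(candidates, key=candidates.get)
    return candidates[factor], factor

def is_within_validity(not_before, not_after, now):
    """The date check a peer applies to a certificate: not_before <= now <= not_after."""
    return not_before <= now <= not_after

if __name__ == "__main__":
    # Constructed sample values, not taken from any real CA.
    utc = timezone.utc
    ca_end = datetime(2025, 6, 30, tzinfo=utc)
    issued = datetime(2024, 1, 31, tzinfo=utc)
    not_after, why = effective_not_after(issued, ca_end, (2, "Years"), (1, "Years"))
    print(not_after.isoformat(), "limited by", why)
    # The same request made later: the CA's own expiry becomes the limit.
    late = datetime(2024, 12, 1, tzinfo=utc)
    print(effective_not_after(late, ca_end, (2, "Years"), (1, "Years")))
    # After the effective end date the certificate no longer passes the check.
    print(is_within_validity(issued, not_after, datetime(2025, 2, 1, tzinfo=utc)))
```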