SwissSign bestimmte Zertifikate widerrufen und erneuern

[StefanCink]

Ich habe mal in meinen alten Aufzeichnungen gestöbert (ja, es gab mal eine Zeit bei Net at Work in der ich mich nicht zu 100% auf NoSpamProxy konzentrieren konnte ;-) ) und folgende Befehle gefunden. Vielleicht helfen die, das besser einordnen zu können:

view OCSP cache:
certutil -urlcache ocsp

view CRL cache:
certutil -urlcache crl

view both OCSP and CRL cache:
certutil -urlcache *

And you can delete the cache like:
delete OCSP cache:
certutil -urlcache ocsp delete

delete CRL cache:
certutil -urlcache crl delete

delete “all” cache:
certutil -urlcache * delete

Instead of deleting you can invalidate the memory cache like so, set a expiry date for the CRL and OCSP cache(I did not mess too much with this one, sets a registry value to a specified date and time, the ChainCacheResynchFiletime value located in the HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config registry key; the ChainCacheResynchFiletime value specifies the date and time to clear the in-memory cache): [4][5][6][7]

immediately invalidate all items from the cache:
certutil -setreg chain\ChainCacheResyncFiletime @now

invalidate the currently cached items in 2 day, 4 hours(sets a registry value to the current date and time plus 2 days and 4 hour), basically disables temporarily the cache until after now plus 2 days and 4 hours

Gruß Stefan