When does a windows client notice that certificate is revoked?

windows certificate microsoft-office

Solution 1:

Windows clients extensively use revocation checking (for both, CRL and OCSP). Once CRL for specified issuer or OCSP for specified certificate is retrieved, it is cached and no new queries are sent until cached information is expired.

For CRLs, they are cached up to NextUpdate value in CRL. For OCSP responses it is similar, up to nextUpdate value in SingleResponse structure which is often set to NextUpdate field of referenced CRL.

Windows client on CRL includes some advanced features, like polling. Periodically, Windows client polls CDP URL to check if new revocation information is available (through E-Tag) and prefetch it if newer information is available.

Certificate revocation is not and never was an immediate action, it takes some reasonable time to get updated on clients.

Related

Can two users on an 802.11n network with WPA/WPA2 intercept each other's traffic?
Create a /tmp partition that uses filesystem type of tmpfs in kickstart?
Kubernetes ingress 502 bad gateway on DigitalOcean
Postfix cannot load Certification Authority data error
Setting up Rsnapshot for casual manual backup?
WSUS is downloading hundreds of old declined updates
Allow a div to cover the whole page instead of the area within the container
ORA-28040: No matching authentication protocol exception
Python: call a function from string name [duplicate]
Inheriting class methods from modules / mixins in Ruby
NodeJS accessing file with relative path [duplicate]
Upgrading to Angular 10 - Fix CommonJS or AMD dependencies can cause optimization bailouts