Identity with Windows Server 2016 — Question 24

You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?

Answer options

• A. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
• B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
• C. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
• D. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.

Correct answer: D

Explanation

The correct answer is D because modifying the CRL distribution point ensures that clients can access the most up-to-date CRL to verify the certificate status. The other options do not directly address the CRL issue; installing services or modifying templates will not resolve the revocation warning caused by an incorrect or inaccessible CRL location.