Invalidate CRL cache

Is there a way to immediately invalidate the CRL (Certificate Revocation List) cache, causing clients to download the CRL again?

I would like to achieve it in C# without resorting to the command line 'certutil.exe'.

Even better would be to be able to set the invalidation time (like UtcNow + 12 hours).

I already implemented such a solution; it updates the CRL cache on client machines every x hours, depending on the scheduler settings. You can read about CRLs here: http://social.technet.microsoft.com/wiki/contents/articles/4954.certificate-status-and-revocation-checking.aspx

The CRL cache is stored on the client machine in special folders and consists of two files, stored in the Metadata and Content folders. These folders are placed in "C:\Documents and Settings\{user name}\Application Data\Microsoft\CryptnetUrlCache", and the per-machine cache location is "%WINDIR%\System32\config\SystemProfile\Application Data\Microsoft\CryptnetUrlCache". Cache files are named with the MD5 hash of the CRL URL. The file in the "Metadata" folder contains some constant data, the date of the last update, the CRL URL, the CRL file size and more. The file in the "Content" folder is the CRL file itself and has the same name as the file in "Metadata". I parse the meta file, check whether it is invalid, load the new CRL file from the CRL URL, place it in the "Content" folder and rebuild the metadata file. I use the BouncyCastle library for these purposes. As the scheduling library I use Quartz.Net.
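The cache layout described in this answer (Metadata and Content folders, files named by the MD5 of the CRL URL) can be used to locate a cached CRL and decide from the CRL's own nextUpdate field whether it is stale. The following is an added example, not code from the answer above or from BouncyCastle; it uses only the .NET base class library (System.Formats.Asn1, .NET 6 or later). Two details are assumptions of this example and not stated on the page: the per-user cache root under AppData\LocalLow on current Windows versions, and whether Windows hashes the ASCII or the UTF-16LE form of the URL, so both candidate file names are tried. The sample CRL bodies are constructed in code so the parsing path runs offline.

```csharp
// Added example (not from the original answer). Assumes .NET 6+ on Windows.
// Finds the CryptnetUrlCache Content file for a CRL URL and reports whether the
// cached CRL should be refetched, based on its thisUpdate/nextUpdate fields.
using System;
using System.Formats.Asn1;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class CrlCacheCheck
{
    // Per-user cache root on current Windows versions (assumption; the answer
    // above quotes the older "Application Data" location used on Windows XP).
    public static string UserCacheRoot =>
        Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
                     "AppData", "LocalLow", "Microsoft", "CryptnetUrlCache");

    // Candidate cache file names for a URL. The files are named with the MD5 of
    // the URL; whether the hash covers the ASCII or the UTF-16LE form of the
    // string is not stated on the page, so both candidates are returned.
    public static string[] CacheFileNames(string url)
    {
        return new[]
        {
            Convert.ToHexString(MD5.HashData(Encoding.ASCII.GetBytes(url))),
            Convert.ToHexString(MD5.HashData(Encoding.Unicode.GetBytes(url))),
        };
    }

    // Reads thisUpdate/nextUpdate from a DER-encoded CertificateList (RFC 5280):
    // CertificateList ::= SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }
    // TBSCertList ::= SEQUENCE { version OPTIONAL, signature, issuer, thisUpdate, nextUpdate OPTIONAL, ... }
    public static (DateTimeOffset ThisUpdate, DateTimeOffset? NextUpdate) ReadValidity(byte[] der)
    {
        var tbs = new AsnReader(der, AsnEncodingRules.DER).ReadSequence().ReadSequence();
        if (tbs.PeekTag().HasSameClassAndValue(Asn1Tag.Integer)) tbs.ReadInteger(); // optional version
        tbs.ReadSequence(); // signature AlgorithmIdentifier
        tbs.ReadSequence(); // issuer Name
        var thisUpdate = ReadTime(tbs);
        DateTimeOffset? nextUpdate = tbs.HasData && IsTime(tbs.PeekTag()) ? ReadTime(tbs) : null;
        return (thisUpdate, nextUpdate);
    }

    static bool IsTime(Asn1Tag t) =>
        t.HasSameClassAndValue(Asn1Tag.UtcTime) || t.HasSameClassAndValue(Asn1Tag.GeneralizedTime);

    static DateTimeOffset ReadTime(AsnReader r) =>
        r.PeekTag().HasSameClassAndValue(Asn1Tag.UtcTime) ? r.ReadUtcTime() : r.ReadGeneralizedTime();

    // A cached CRL is stale once nextUpdate has passed. A CRL without nextUpdate
    // is treated as stale as well, because its freshness cannot be judged.
    public static bool IsStale(byte[] crlDer, DateTimeOffset now)
    {
        var (_, next) = ReadValidity(crlDer);
        return next is null || next.Value <= now;
    }

    // Looks up the Content file for the URL; true means "download the CRL again".
    public static bool NeedsRefresh(string crlUrl, DateTimeOffset now)
    {
        foreach (var name in CacheFileNames(crlUrl))
        {
            var content = Path.Combine(UserCacheRoot, "Content", name);
            if (File.Exists(content))
                return IsStale(File.ReadAllBytes(content), now);
        }
        return true; // not cached at all
    }

    // Builds a minimal CRL body with a placeholder signature (constructed test
    // data, not a real CRL) so the parsing path can be exercised offline.
    public static byte[] BuildSampleCrl(DateTimeOffset thisUpdate, DateTimeOffset nextUpdate)
    {
        var w = new AsnWriter(AsnEncodingRules.DER);
        using (w.PushSequence())                                   // CertificateList
        {
            using (w.PushSequence())                               // tbsCertList
            {
                w.WriteInteger(1);                                 // version v2
                using (w.PushSequence()) w.WriteObjectIdentifier("1.2.840.113549.1.1.11"); // sha256WithRSAEncryption
                using (w.PushSequence()) { }                       // empty issuer Name (sample only)
                w.WriteUtcTime(thisUpdate);
                w.WriteUtcTime(nextUpdate);
            }
            using (w.PushSequence()) w.WriteObjectIdentifier("1.2.840.113549.1.1.11");
            w.WriteBitString(new byte[] { 0 });                    // placeholder signatureValue
        }
        return w.Encode();
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var fresh = BuildSampleCrl(now.AddDays(-1), now.AddDays(6));
        var expired = BuildSampleCrl(now.AddDays(-8), now.AddDays(-1));
        Console.WriteLine($"fresh sample stale? {IsStale(fresh, now)}");
        Console.WriteLine($"expired sample stale? {IsStale(expired, now)}");
        // Hypothetical URL; on a machine that has never fetched it this reports true.
        Console.WriteLine($"needs refresh: {NeedsRefresh("http://crl.example.test/ca.crl", now)}");
    }
}
```

The check deliberately reads the CRL in the Content folder rather than the Metadata file, because the Metadata format is only described loosely above, while nextUpdate is a standard field of the CRL itself. Forcing an earlier refresh (the "UtcNow + 12 hours" the question asks for) is then a matter of comparing against an earlier deadline instead of nextUpdate; no signature verification is performed here, so the freshly downloaded CRL must still be validated against the issuing CA before it is trusted.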

I know you don't want to use certutil.exe, but this way you can run it in your application without a cmd window showing up, if that was what you didn't want.

public bool ClearCRLCache()
{
    var pw = new ProcessWrapper();
    // Deletes every entry in the current user's URL cache (CRLs, OCSP responses, AIA certs)
    var result = pw.Start("certutil.exe", "-urlcache * delete");
    // -2147024637 is the exit code when the urlcache is empty
    // (0x80070103 = HRESULT_FROM_WIN32(ERROR_NO_MORE_ITEMS)), so treat it as success too
    return (result == 0 || result == -2147024637);
}

The class ProcessWrapper:

using System;
using System.Diagnostics;
using System.Text;

public class ProcessWrapper
{
    /// <summary>
    /// Output from stderr
    /// </summary>
    public string StdErr { get; private set; }

    /// <summary>
    /// Output from stdout
    /// </summary>
    public string StdOut { get; private set; }

    /// <summary>
    /// Starts a process
    /// </summary>
    /// <param name="command">Executable filename</param>
    /// <returns>Process exitcode</returns>
    public int Start(string command)
    {
        return Start(command, "");
    }

    /// <summary>
    /// Starts a process with commandline arguments
    /// </summary>
    /// <param name="command">Executable filename</param>
    /// <param name="arguments">Commandline arguments for the process</param>
    /// <returns>Process exitcode</returns>
    public int Start(string command, string arguments)
    {
        return Start(command, arguments, "");
    }

    /// <summary>
    /// Starts a process with commandline arguments and working directory
    /// </summary>
    /// <param name="command">Executable filename</param>
    /// <param name="arguments">Commandline arguments for the process</param>
    /// <param name="workingDirectory">Working directory for the process</param>
    /// <returns>Process exitcode</returns>
    public int Start(string command, string arguments, string workingDirectory)
    {
        var stdErr = new StringBuilder();
        var stdOut = new StringBuilder();
        using (var proc = new Process())
        {
            proc.StartInfo.FileName = command;
            proc.StartInfo.Arguments = arguments;
            proc.StartInfo.WorkingDirectory = workingDirectory;
            proc.StartInfo.UseShellExecute = false;       // required for stream redirection
            proc.StartInfo.RedirectStandardOutput = true;
            proc.StartInfo.RedirectStandardError = true;
            proc.EnableRaisingEvents = true;
            proc.StartInfo.CreateNoWindow = true;         // no console window pops up

            // Collect stderr; e.Data is null once the stream closes, so skip that final event
            proc.ErrorDataReceived += (sender, e) =>
            {
                if (e.Data != null) stdErr.AppendLine(e.Data);
            };

            // Collect stdout the same way
            proc.OutputDataReceived += (sender, e) =>
            {
                if (e.Data != null) stdOut.AppendLine(e.Data);
            };

            proc.Start();

            // Read both streams asynchronously so a full pipe buffer cannot deadlock the child
            proc.BeginErrorReadLine();
            proc.BeginOutputReadLine();

            proc.WaitForExit();

            StdErr = stdErr.ToString();
            StdOut = stdOut.ToString();
            return proc.ExitCode;
        }
    }
}

Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you reproduce them, please cite this site or the original address. Questions: yoyou2525@163.com.

© 2020-2024 STACKOOM.COM