Clear CRL (Certificate Revocation List) cache on client computer
While testing the Microsoft PKI project in my organisation, i've encountered strange issue: user's certificate have been revoked, CRL published, but client computer was not requesting new certificate for user.
Digging resulted that in fact, client computer was not seeing that certificate was revoked. To fix this, you just need to clear CRL cache. That will do:
certutil -urlcache * delete
Tags: pki (en)