xi2pay
PKI: Unable to download CRL to file location
I am setting up a MS PKI environment on Windows Server 2008. I have specified a CDP location for my CRL. The format used to specify the location is in the format of... "file://\\..."
I know the above location is accessible because I can get to it manually from that server using the path specified above. However, PKI is still unable to download the CRL to that location.
Any ideas why I am unsuccessful at downloading the CRL to that location?
(See attached GIF for visual.)
e-e.GIF
Step one of all MS CA troubleshooting, what's in the event logs? Also have a look around with PKIview.msc (start->run->pkiview.msc) and check that all AIA and CDP locations are valid.
ASKER
The attached image file is what I get from pkiview. The only event log error is related to me not having any templates available (the server is still in development). The file location is valid, since I use the exact same path listed in the registry to grab the file manually, from the pki server itself.
The above situation is the frustrating part. Everything looks good, but still it tells me that the path is unavailable.
ASKER
OK, how about this...
I want to save the CRL in the following file location:
Server Name: "Server Name"
Share: "Share Name"
CRL Name: "CRL Name 1.crl"
Is the following syntax correct?
file:\\//server name\Share name\CRL Name 1.crl
Or do I need to enter special characters for the spaces in the names?
What happens if you try to update the CRL manually?
http://technet.microsoft.com/en-us/library/cc778151%28WS.10%29.aspx
ASKER
And what's the syntax to specify an HTTP location?
For example, is the following syntax correct?
http://my.special-domain.com/sites/Los Angeles/PKI/Shared Documents/PKI CA1.crt
I believe that I'm supposed to have special characters for the spaces. What is the correct way to write the above HTTP location?
ASKER
It continues to tell me that it cannot download to the location, even when I push a CRL manually.
Thanks for the help, by the way.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
The KB article is gold! Thanks CoccoBill. I have a few meetings to attend this afternoon, but will provide an update some time tomorrow, as soon as I'm able to knock this out.
Given the information in the KB article, I don't see why I can't get to the bottom of things.
ASKER
OK, one more question that's not addressed in the KB article.
My virtual directory path contains a space. How is the space addressed?
The KB article indicates the following syntax:
http://FQDN/VirtualDir/%SERVER_DNS_NAME%_%CA_NAME%%CERT_SUFFIX%.crt
ASKER
OK, I believe the correct syntax would be as follows:
...Shared%20Documents/...
A percentage symbol along with the number 2 and 0 afterward are appended.
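Added example, not part of the original thread: one way to percent-encode the spaces in an HTTP publication URL while leaving placeholder tokens such as %CA_NAME% from the KB syntax untouched. The function names and the token pattern (uppercase letters and underscores between two % signs) are assumptions made for this sketch.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Token alternative comes first so "%CA_NAME%" is not misread as the escape "%CA".
# Assumption: placeholder tokens look like %UPPER_CASE%, as in the KB syntax quoted above.
KEEP = re.compile(r"(%[A-Z][A-Z_]*%|%[0-9A-Fa-f]{2})")


def encode_segment(segment):
    """Percent-encode one path segment, preserving tokens and existing escapes."""
    parts = KEEP.split(segment)
    # With one capture group, odd indexes hold the matched tokens/escapes.
    return "".join(p if i % 2 else quote(p, safe="") for i, p in enumerate(parts))


def encode_cdp_url(url):
    """Return the URL with every path segment encoded (a space becomes %20)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http(s) publication URLs are handled here")
    path = "/".join(encode_segment(s) for s in parts.path.split("/"))
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs based on the URLs quoted in the thread.
    samples = [
        "http://my.special-domain.com/sites/Los Angeles/PKI/Shared Documents/PKI CA1.crt",
        "http://FQDN/Virtual Dir/%SERVER_DNS_NAME%_%CA_NAME%%CERT_SUFFIX%.crt",
    ]
    for s in samples:
        print(encode_cdp_url(s))
```

Running the function on its own output returns the same string, so an already-encoded URL is not double-encoded.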
ASKER
OK, using the KB article, I verified that my syntax is correct.
I now have Microsoft on the line. This is what I've been told:
1) When you set a CDP location to HTTP, the CRL must be manually copied over there. The server does not auto-publish to HTTP locations.
2) Once the CRL is manually published to the HTTP location, the server will see it and no longer report a big red X that indicates a problem.
The second statement seems odd to me. Can anyone verify this process for me?
ASKER
Well, this site is running on SharePoint, which is what's causing the screwy problem. I have had a simple IIS site created and the HTTP problem is now resolved. Thank you very much for the ideas, CoccoBill.
ASKER
Thanks for the info. You helped me verify that my syntax was correct, which helped tremendously.