How do I get AIA Location Unable To Download Error cleared up?

I have a Windows 2008 CA that has OCSP installed and configured on the machine.  The OCSP Location is showing OK but the AIA location for that Cert is unable to Download.  Also, when I try to test OCSP I get an offline message from the server.

snapshot1.png
Nathan_lukus Asked:

Paranormastic (Cryptographic Engineer) Commented:
You have the OCSP listed twice - once with the OCSP checkbox and once without.  This shouldn't affect anything in production, but you should clean that up on the CA.  Basically it is trying to download the root cert from that location (for the one that wasn't checked for OCSP) instead of an OCSP response.
0

Nathan_lukus (Author) Commented:
One is the AIA and the other is the OCSP responder.  If I disable the AIA publishing it still does not function.  
0
Nathan_lukus (Author) Commented:
Had to do a couple more things to fix the OCSP issue like all machines had to get a new server Cert.  But this solution did help to get to the next step.
0
Paranormastic (Cryptographic Engineer) Commented:
Did you look for a second duplicate entry that only has the AIA checked, not just that you had both boxes checked under the same entry?  You need to get rid of that entry from the AIA as it does not point to a specific certificate file, so will never work.  Make sure you don't accidentally remove the record for it remaining as an OCSP entry in the AIA.

Normally the AIA locations should update automatically for an enterprise CA.  You may need to wait a little while for AD to replicate for you to see the changes.  If it does not go away after replication (usually 15 minutes) and you have closed and reopened Enterprise PKI (instead of just refreshing), let me know.
0
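An added example, not part of the thread or any poster's own code: a PowerShell check for the condition described in the answer above, where the same URL is published in a certificate's AIA extension both as a CA Issuers (certificate download) location and as an OCSP location. The function names, the sample text and its URLs are constructed for illustration, and the text layout is assumed to match how Windows formats the AIA extension.

```powershell
# Added example; function names are hypothetical. Requires PowerShell 3.0 or later.
$OidCaIssuers = '1.3.6.1.5.5.7.48.2'   # AIA access method: CA Issuers (certificate download)
$OidOcsp      = '1.3.6.1.5.5.7.48.1'   # AIA access method: OCSP

# Parse the text form of an AIA extension into Method/Url pairs.
function Get-AiaEntry {
    param([Parameter(Mandatory = $true)][string]$AiaText)
    $method = $null
    foreach ($line in ($AiaText -split "`r?`n")) {
        if ($line -match 'Access Method=.*\((?<oid>[\d.]+)\)') {
            $method = $Matches['oid']            # remember which method the next URL belongs to
        } elseif ($method -and $line -match '^\s*URL=(?<url>.+)$') {
            [pscustomobject]@{ Method = $method; Url = $Matches['url'].Trim() }
        }
    }
}

# Return CA Issuers entries whose URL is also published as an OCSP location.
function Find-AiaConflict {
    param([Parameter(Mandatory = $true)][string]$AiaText)
    $entries  = @(Get-AiaEntry -AiaText $AiaText)
    $ocspUrls = @($entries | Where-Object { $_.Method -eq $OidOcsp } | ForEach-Object { $_.Url })
    $entries | Where-Object { $_.Method -eq $OidCaIssuers -and $ocspUrls -contains $_.Url }
}

# Constructed sample: entry [2] repeats the OCSP URL as a CA Issuers location.
$sample = @'
[1]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://pki.example.test/certs/ca.crt
[2]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://pki.example.test/ocsp
[3]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=http://pki.example.test/ocsp
'@

Find-AiaConflict -AiaText $sample | Format-Table -AutoSize

# Against a real certificate (the path is a placeholder):
# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\path\to\issued.cer'
# $aia  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
# if ($aia) { Find-AiaConflict -AiaText $aia.Format($true) }
```

Any row returned is a CA Issuers entry that a client will try to fetch as a certificate even though the URL is the OCSP responder.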
ParanormasticCryptographic EngineerCommented:
Sorry, missed the answer notice - glad it's working now!
0