How do I get AIA Location Unable To Download Error cleared up?

I have an Windows 2008 CA that has OCSP install and configured on the machine.  The OCSP Location is showing OK but the AIA location for that Cert is unable to Download.  Also when I try to test OCSP I get an offline message from the server.

snapshot1.png
Nathan_lukusAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
You have the OCSP listed twice - once with the OCSP checkbox and once without.  This shouldn't affect anything in production, but you should clean that up on the CA.  Basically it is trying to download the root cert from that location (for the one that wasn't checked for OCSP) instead of an OCSP response.
0
 
Nathan_lukusAuthor Commented:
One is the AIA and the other is the OCSP responder.  If I disable the AIA publishing it still does not function.  
0
 
Nathan_lukusAuthor Commented:
Had to do a couple more things to fix the OCSP issue like all machines had to get a new server Cert.  But this solution did help to get to the next step.
0
 
ParanormasticCryptographic EngineerCommented:
Did you look for a second duplicate entry that only has the AIA checked, not just that you had both boxes checked under the same entry?  You need to get rid of that entry from the AIA as it does not point to a specific certificate file, so will never work.  Make sure you don't accidentally remove the record for it remaining as an OCSP entry in the AIA.

Normally the AIA locations should update automatically for an enterprise CA.  You may need to wait a little while for AD to replicate for you to see the changes.  If it does not go away after replication (usually 15 minutes) and you have closed and reopened Enterprise PKI (instead of just refreshing), let me know.
0
 
ParanormasticCryptographic EngineerCommented:
Sorry, missed the answer notice - glad its working now!
0
All Courses

From novice to tech pro — start learning today.