Solved

How do I modify the CDP and AIA URL on a standalone root certification authority

Posted on 2010-11-16
Last Modified: 2012-05-10
Hi, I created a certification hierarchy with an offline root certification authority in a lab environment. I followed the instructions in a TechNet article, http://technet.microsoft.com/en-us/library/cc737834(WS.10).aspx. I'm running into an issue when I start the Certificate Services on my enterprise subordinate CA. I receive the following message, "The revocation function was unable to check revocation because the revocation server was offline, 0x80092013 (-2146885613)."

Looks like I didn't modify the URL of the certificate revocation list (CRL) and the authority information access (AIA) distribution points correctly. Here's what I did: I added a new CDP location, file://\\FQDN\sharename\<CAName><CRLNameSuffix>.crl, and selected the "Include in the CDP extension of issued certificates" checkbox. Then I added a new AIA location, file://\\FQDN\sharename\<ServerDNSName>_<CaName><CertificateName>.crt, and selected the "Include in the AIA extension of issued certificates" checkbox.

After changing the CDP and AIA distribution points, I published a new CRL. When I open the Properties of Revoked Certificates to view the CRL, it shows the ldap location on the root CA and not the new location.

Am I not allowed to use a UNC path as a new CDP and AIA distribution point? If yes, what would be the proper format of an LDAP entry to point them to a new location? Would I just copy the existing URL and change the distinguished name?
Question by:ipswitch
2 Comments
 

Accepted Solution

by:
shudman earned 500 total points
ID: 34209489
I believe that only LDAP, HTTP and FTP are allowed... no UNCs (except the local certenroll directory).
Whilst I know you can set this in the UI, the formatting is somewhat cumbersome, and is actually a mare to get your head around; it is typically done in a script. Have a peek at this: http://technet.microsoft.com/es-es/library/cc779083(WS.10).aspx
0
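The scripted approach the accepted answer refers to, shown as an added example that is not part of the original thread or the linked TechNet article: it sets the root CA's CDP and AIA lists with `certutil -setreg`, advertising an HTTP location instead of a UNC path. The host name `pki.example.test`, the `/pki` directory and the file name `subca.cer` are assumed placeholders.

```powershell
# Added example; run in an elevated PowerShell session on the standalone root CA.
# ASSUMPTION: http://pki.example.test/pki is a placeholder for a web directory
# that clients and the subordinate CA can reach; it is not from the original post.
$httpBase = 'http://pki.example.test/pki'
$local    = "$env:windir\System32\CertSrv\CertEnroll"

# Each entry is "<flags>:<location>". The CA expands the numbered tokens:
#   %1 = ServerDNSName   %3 = CAName   %4 = CertificateName
#   %8 = CRLNameSuffix   %9 = DeltaCRLAllowed
# CDP flags: 1 = publish CRLs to this location,
#            2 = include in the CDP extension of issued certificates.
$cdp = @(
    "1:$local\%3%8%9.crl"        # write the CRL file to the local CertEnroll folder
    "2:$httpBase/%3%8%9.crl"     # advertise the HTTP URL in issued certificates
) -join '\n'                     # single quotes: literal \n, certutil's list separator

# AIA flags: 1 = publish the CA certificate to this (local) location,
#            2 = include in the AIA extension of issued certificates.
$aia = @(
    "1:$local\%1_%3%4.crt"
    "2:$httpBase/%1_%3%4.crt"
) -join '\n'

certutil -setreg CA\CRLPublicationURLs $cdp
certutil -setreg CA\CACertPublicationURLs $aia

# The CA service reads these values when it starts.
net stop certsvc
net start certsvc

# Issue a fresh CRL, then confirm what is now configured.
certutil -crl
certutil -getreg CA\CRLPublicationURLs
certutil -getreg CA\CACertPublicationURLs

# The CDP and AIA extensions are written into a certificate when it is issued,
# so a subordinate CA certificate issued before this change still carries the
# old locations and has to be reissued. After copying the .crl and .crt files
# from $local to the web directory, check the reissued certificate (file name
# is a placeholder) from the subordinate CA:
#   certutil -verify -urlfetch .\subca.cer
```

Because the root CA is offline, the CRL and CA certificate files have to be copied to the web directory by hand each time a new CRL is published.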
 

Author Closing Comment

by:ipswitch
ID: 34277151
No.


Question has a verified solution.
