Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I modify the CDP and AIA URL on a standalone root certification authority

Posted on 2010-11-16
2
Medium Priority
?
2,879 Views
Last Modified: 2012-05-10
Hi, I created a certification hierarchy with an offline root certification authority in a lab environment. I followed the instructions in a TechNet article, http://technet.microsoft.com/en-us/library/cc737834(WS.10).aspx. I'm running into an issue when I start the Certificate Services on my enterprise subordinate CA. I receive the following the message, "The revocation function was unable to check revocation because the revocation server was offline, 0x80092013 (-2146885613)."

Looks like I didn't modify the URL of the certificate revocation list (CRL) and the authority information access (AIA) distribution points correctly. Here's what I did, I added a new CDP location, file://\\FQDN\sharename\<CAName><CRLNameSuffix>.crl, and selected the Include in the CDP extension of issued certificates checkbox. Then I added a new location AIA location, file://\\FQDN\sharename\<ServerDNSName>_<CaName><CertificateName>.crt, and selected the Include in the AIA extension of issued certificates checkbox.

After changing the CDP and AIA distribution points, I published a new CRL. When I open the Properties of Revoked Certificates to view the CRL, it shows the ldap location on the root CA and not the new location.

Am I not allowed to use a UNC path as a new CDP and AIA distribution point? If yes, what would be the proper format of a ldap entry to point them to a new location? Would I just copy the existing URL and change the distinguished name?
0
Comment
Question by:ipswitch
2 Comments
 
LVL 4

Accepted Solution

by:
shudman earned 1500 total points
ID: 34209489
I believe that only LDAP, HTTP and FTP are allowed....no UNCs (except the local certenroll directory).
Whilst I know you can set this in the UI, the formatting is somewhat cumbersome, and is actully a mare to get your head around, it is typically done in a script.  Have a peek at this http://technet.microsoft.com/es-es/library/cc779083(WS.10).aspx
0
 

Author Closing Comment

by:ipswitch
ID: 34277151
No.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question