Solved

How do I modify the CDP and AIA URL on a standalone root certification authority

Posted on 2010-11-16
2
2,653 Views
Last Modified: 2012-05-10
Hi, I created a certification hierarchy with an offline root certification authority in a lab environment. I followed the instructions in a TechNet article, http://technet.microsoft.com/en-us/library/cc737834(WS.10).aspx. I'm running into an issue when I start the Certificate Services on my enterprise subordinate CA. I receive the following the message, "The revocation function was unable to check revocation because the revocation server was offline, 0x80092013 (-2146885613)."

Looks like I didn't modify the URL of the certificate revocation list (CRL) and the authority information access (AIA) distribution points correctly. Here's what I did, I added a new CDP location, file://\\FQDN\sharename\<CAName><CRLNameSuffix>.crl, and selected the Include in the CDP extension of issued certificates checkbox. Then I added a new location AIA location, file://\\FQDN\sharename\<ServerDNSName>_<CaName><CertificateName>.crt, and selected the Include in the AIA extension of issued certificates checkbox.

After changing the CDP and AIA distribution points, I published a new CRL. When I open the Properties of Revoked Certificates to view the CRL, it shows the ldap location on the root CA and not the new location.

Am I not allowed to use a UNC path as a new CDP and AIA distribution point? If yes, what would be the proper format of a ldap entry to point them to a new location? Would I just copy the existing URL and change the distinguished name?
0
Comment
Question by:ipswitch
2 Comments
 
LVL 4

Accepted Solution

by:
shudman earned 500 total points
ID: 34209489
I believe that only LDAP, HTTP and FTP are allowed....no UNCs (except the local certenroll directory).
Whilst I know you can set this in the UI, the formatting is somewhat cumbersome, and is actully a mare to get your head around, it is typically done in a script.  Have a peek at this http://technet.microsoft.com/es-es/library/cc779083(WS.10).aspx
0
 

Author Closing Comment

by:ipswitch
ID: 34277151
No.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
A procedure for exporting installed hotfix details of remote computers using powershell
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now