We help IT Professionals succeed at work.

SBS2008 Enterprise PKI Errors

Medium Priority
1,070 Views
Last Modified: 2012-05-12
I have a SBS2008 server - and we recently moved into a new office (changed our public IP).  I"m not sure what happened, but I remember seeing somewhere where a certificate needed to be renewed, in the AD Certificate Services section.  Thinking it had to do with my public IP changing (probably incorrect, but that was what I was thinking at the time), I believe I selected to renew the cert.

I am seeing errors (see attached) in the AIA Location #1, DeltaCRL Location #2 and CDP Location#2.

I do have a certificate from GoDaddy that I purchased for our webmail server, but it doesn't expire until March 2012 I believe.

Can anyone tell me how to resolve this issue?  I'm having other problems with this server that I think may be related to this.

Thanks.

11-1-2011-10-20-24-AM.png
Comment
Watch Question

ShmoidSenior Engineer
Commented:
The errors you are seeing just mean that the Enterprise PKI snap-in can’t find the CA’s public key and CRL in the location specified.  First check the http location to be sure the files are actually there. If they are, check to make sure IIS is running and connectivity to the specified server is working.

This is unlikely to cause other problems. If your clients are all internal you could even delete the http locations for AIA and CDP or better yet put them on a different server and update the locations.

Author

Commented:
The files do not exist under that website.  Can I reinstall them somewhere?

Thanks.
Senior Engineer
Commented:
Yes, you can copy the files to any webserver and chage the AIA and CDP locations for http. You could also delete them if all your clients are internal. The Cert and CRL are being published to Active Directory so the LDAP locations are all you really need.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.