?
Solved

PKIView error

Posted on 2013-01-14
3
Medium Priority
?
985 Views
Last Modified: 2013-02-03
Hello
I am struggling to find the problem with our Certificate Authority system.  If I manually browse to the location of all of the bits in the picture below I can access them fine.  Permissions are set correction on the files.  If I browse using the URL everything works fine and the browser asks me where to save the relevant file.  Why would pkiview show "unable to download" ?
CA1 = server core 2008 r2
CA2 = Full server 2008 r2

Thanks

screenshot1
0
Comment
Question by:cloughs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 1500 total points
ID: 38778445
Always good to start from checking the event log. But from the immediate error msg, I am suspecting that the http URL may required a FQDN for your host instead of just "wwwca", e.g. wwwca.<ENTERPRISE-DOMAIN>.<ORG>.

But suggest you look at this link which may be alluding to your issue

http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/62c4d7a5-2d62-471f-a023-a17d2c69e9f2

Extracted

....I manage to fix 3 url for the AIA Location 2, 3 and CDP location 2 issue. The problem was that the .CRL and .CRL files from the issuing CA were not copied to the web directory on the web server.

....for delta CRLs, you need to enable DoubleEscaping support on the IIS server.

I saw there is expiring indicator, you may also want to see this http://blogs.technet.com/b/pki/archive/2011/02/28/quick-check-on-adcs-health-using-enterprise-pki-tool-pkiview.aspx

Other info:

You can also try the "Certutil -verify -urlfetch <CA-certfile-exported>.cer” will check every CDP and AIA URL (including OCSP) and tell you how they are all doing at that specific instance in time since it goes to the URLs immediately.

http://www.cupfighter.net/index.php/tag/pki-view/
0
 
LVL 1

Accepted Solution

by:
cloughs earned 0 total points
ID: 38830507
The issue turned out to be DCOM permissions causing the issue.  The steps and guides above did help narrow what we were looking for though.

Thanks
0
 
LVL 1

Author Closing Comment

by:cloughs
ID: 38848245
Permissions issue
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question