• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1017
  • Last Modified:

PKIView error

Hello
I am struggling to find the problem with our Certificate Authority system.  If I manually browse to the location of all of the bits in the picture below I can access them fine.  Permissions are set correction on the files.  If I browse using the URL everything works fine and the browser asks me where to save the relevant file.  Why would pkiview show "unable to download" ?
CA1 = server core 2008 r2
CA2 = Full server 2008 r2

Thanks

screenshot1
0
cloughs
Asked:
cloughs
  • 2
2 Solutions
 
btanExec ConsultantCommented:
Always good to start from checking the event log. But from the immediate error msg, I am suspecting that the http URL may required a FQDN for your host instead of just "wwwca", e.g. wwwca.<ENTERPRISE-DOMAIN>.<ORG>.

But suggest you look at this link which may be alluding to your issue

http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/62c4d7a5-2d62-471f-a023-a17d2c69e9f2

Extracted

....I manage to fix 3 url for the AIA Location 2, 3 and CDP location 2 issue. The problem was that the .CRL and .CRL files from the issuing CA were not copied to the web directory on the web server.

....for delta CRLs, you need to enable DoubleEscaping support on the IIS server.

I saw there is expiring indicator, you may also want to see this http://blogs.technet.com/b/pki/archive/2011/02/28/quick-check-on-adcs-health-using-enterprise-pki-tool-pkiview.aspx

Other info:

You can also try the "Certutil -verify -urlfetch <CA-certfile-exported>.cer” will check every CDP and AIA URL (including OCSP) and tell you how they are all doing at that specific instance in time since it goes to the URLs immediately.

http://www.cupfighter.net/index.php/tag/pki-view/
0
 
cloughsAuthor Commented:
The issue turned out to be DCOM permissions causing the issue.  The steps and guides above did help narrow what we were looking for though.

Thanks
0
 
cloughsAuthor Commented:
Permissions issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now