I believe I have an error in a root CA on a LAN enclave, but I'm not sure how to fix it. Or rather, I think I know how to fix it, but I'm scared.
I followed this setup (changing names) to create a Root CA and an Issuing CA: http://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx
Everything seemed to go fine until I tried to set up the OCSP. As soon as I had installed the Issuing CA, I got an error in the Enterprise PKI on CA02. After some mucking about, I >believe< that the error is in this line:
"ldap://CN=Intranet Root CA,CN=AIA,CN=Public Key Services,CN=Services,..."
I >think< that ldap: requires three /// ...
My question is this: Can I revoke the certificate and reissue it from CA01, or will that cause a cascade of failures? If so, should I revoke the certificates from the client backward and re-issue them, or can I just re-issue the Root CA and install it on CA02?
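Added example, not part of the original post: an LDAP URL (RFC 4516) has the form `ldap://host:port/dn?attributes?scope?filter`, and AD CS LDAP locations leave the host empty, which is where the third slash comes from. This sketch splits such a URL and flags DN text sitting in the host position; the function names are hypothetical and the DN suffix `CN=Configuration,DC=example,DC=test` is a constructed placeholder, not the value from the poster's environment.

```python
from urllib.parse import unquote

# Constructed sample values; the suffix after CN=Services is a placeholder.
SUFFIX = "CN=Configuration,DC=example,DC=test"
DN = "CN=Intranet Root CA,CN=AIA,CN=Public Key Services,CN=Services," + SUFFIX
QUERY = "?cACertificate?base?objectClass=certificationAuthority"
TWO_SLASH = "ldap://" + DN + QUERY      # form quoted in the post
THREE_SLASH = "ldap:///" + DN + QUERY   # empty host, then the DN


def split_ldap_url(url):
    """Split an LDAP URL into (hostport, dn) following RFC 4516."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything before the first '/' is host[:port]; the DN comes after it.
    hostport, _, tail = rest.partition("/")
    # The DN ends at the first '?', which starts attributes/scope/filter.
    dn = unquote(tail.split("?", 1)[0])
    return hostport, dn


def check_ldap_url(url):
    """Return a list of problems found in an AIA/CDP LDAP URL."""
    hostport, dn = split_ldap_url(url)
    problems = []
    if "=" in hostport or "," in hostport:
        problems.append("DN text is in the host position (no '/' before the DN)")
    if not dn:
        problems.append("no DN after the host part")
    return problems


if __name__ == "__main__":
    for url in (TWO_SLASH, THREE_SLASH):
        hostport, dn = split_ldap_url(url)
        print(url)
        print("  host part:", repr(hostport))
        print("  dn       :", repr(dn))
        print("  problems :", check_ldap_url(url) or "none")
```

With two slashes the whole DN is read as a host name and no DN is left to look up, which a client cannot resolve to the AIA object.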