troubleshooting Question

WindowsCA Certificate Revocation Checking

Avatar of jbla9028
jbla9028Flag for United States of America asked on
Windows Server 2012
2 Comments1 Solution143 ViewsLast Modified:
I have deployed a WindowsCA. I have an offline Root CA and an Enterprise Suboridinate. We issue all the certificates from the subordinate. After checking some configuration, I noticed the url used for the CRLs is invalid and clients cannot communicate to check CRLs. I need to add a valid CRL location. My questions below

1. how will this effect existing certificates in the wild? I am OK knowing the existing certs out there will not be checked for revocation as long as new Certs are.

2. Do I need to re-key and distribute a new Subordinate certificate after I modify the Extensions (CDP/AIA)?

Thank you in advance.
David Johnson, CD
The More I know, the more I don't know
Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros